search

sherlock-audit / 2024-05-elfi-protocol-judging

11 stars 7 forks source link

ZeroTrust - poolLiquidityLimit=0 has completely different meanings in UsdPool.sol and LpPoolQueryProcess.sol #238

Closed sherlock-admin2 closed 3 months ago

sherlock-admin2 commented 3 months ago

ZeroTrust

Medium

poolLiquidityLimit=0 has completely different meanings in UsdPool.sol and LpPoolQueryProcess.sol

Summary

poolLiquidityLimit=0 has completely different meanings in UsdPool.sol and LpPoolQueryProcess.sol

Vulnerability Detail

In UsdPool.sol, poolLiquidityLimit=0 means that the available liquidity is 100%

    function isSubAmountAllowed(Props storage self, address stableToken, uint256 amount) public view returns (bool) {
        TokenBalance storage balance = self.stableTokenBalances[stableToken];
        if (balance.amount < amount) {
            return false;
        }
        uint256 poolLiquidityLimit = getPoolLiquidityLimit();
        if (poolLiquidityLimit == 0) {
@>>            return balance.amount - balance.holdAmount >= amount;
        } else {
            return CalUtils.mulRate(balance.amount - amount, poolLiquidityLimit) >= balance.holdAmount;
        }
    }

However in LpPoolQueryProcess.sol, poolLiquidityLimit=0 means that the available liquidity is 0

function getUsdPoolAvailableLiquidity(UsdPool.Props storage pool, address token) public view returns (uint256) {
        UsdPool.TokenBalance memory tokenBalance = pool.getStableTokenBalance(token);
        uint256 totalAmount = tokenBalance.amount + tokenBalance.unsettledAmount;
@>        uint256 availableTokenAmount = CalUtils.mulRate(totalAmount, UsdPool.getPoolLiquidityLimit());
        return availableTokenAmount > tokenBalance.holdAmount ? availableTokenAmount - tokenBalance.holdAmount : 0;
    }

Thus, if poolLiquidityLimit=0, it will cause the entire system to calculate incorrectly. The same issue is in UsdPool.sol and LpPoolQueryProcess.sol.

Impact

If poolLiquidityLimit=0, it will cause the entire system to calculate incorrectly.

Code Snippet

https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/storage/UsdPool.sol#L247

https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/LpPoolQueryProcess.sol#L193

Tool used

Manual Review

Recommendation

Modify the code to make the logic consistent.

0xELFi commented 3 months ago

poolLiquidityLimit is a configuration option, and we will not set it to 0.