Closed sherlock-admin3 closed 6 days ago
The protocol team fixed this issue in the following PRs/commits: https://github.com/0xCedar/elfi-perp-contracts/pull/12
@0xELFi @0xELFi02 This issue has no impact, given this function is never called by the LpPool library anywhere else in the codebase, so will never be called. Anything else would be future integration, and invalid per comments here
aman
High
LpPool:unHoldStableToken
will always revert due to wrong require statementSummary
LpPool support hold and unHold stable token amount, However when
unHoldStableToken
is called the function will always revert.Vulnerability Detail
The stable token in LpPool can also be Hold if the execution of funds is pending. so In this case we fist call
holdStableToken
and , for releasing this amount we callunHoldStableToken
the Issue Here is inunHoldStableToken
function lets have a look:In above code we requires that the holdAmount must be less than amount we are going to subtract, it will fail on
underflow or overflow
.paste above code in
chisel
it will revert.Impact
The
holdAmount
for stable token will never be subtracted.Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/storage/LpPool.sol#L307
Tool used
Manual Review
Recommendation
change the require statement