Open sherlock-admin2 opened 2 weeks ago
This issue has been labeled won't fix
but https://github.com/sherlock-audit/2024-05-elfi-protocol-judging/issues/6 it was just confirmed here too
which is a duplicate of https://github.com/sherlock-audit/2024-05-elfi-protocol-judging/issues/6
@sherlock-admin2 @sherlock-admin3 @Shogoki @rcstanciu @rcstanciu
The protocol team fixed this issue in the following PRs/commits: https://github.com/0xCedar/elfi-perp-contracts/pull/41
Salem
High
User Collateral Cap Check Issue
Summary
User Collateral can exceeds the cap andd deposit will still be processed
Vulnerability Detail
The check
accountProps.getTokenAmount(token) > tradeTokenConfig.collateralUserCap
is designed to ensure that a user's collateral does not exceed their specific cap. However, this validation occurs before the new deposit amount is added, thereby only verifying the current balance. Consequently, this can result in the user's collateral exceeding the cap once the deposit is processed.Impact
this can result in the user's collateral exceeding the cap once the deposit is processed.
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/AssetsProcess.sol#L81
POC
Tool used
Manual Review
Recommendation
Please find the updated check for the new deposit amount below:
This modification ensures that the user's total collateral, including the new deposit, does not exceed the predefined user cap.