Insufficient Collateral Cap Check Allowing Collateral Overflow
Summary
The vulnerability is in the deposit function. When performing a collateral cap check for user deposits, the function does not consider the newly deposited collateral amount in the user's balance. This can result in the user's total collateral surpassing the allowed collateral cap.
Vulnerability Detail
the issue lies with this check
if (accountProps.getTokenAmount(token) > tradeTokenConfig.collateralUserCap) {
revert Errors.CollateralUserCapOverflow(token, tradeTokenConfig.collateralUserCap);
}
which doesn't consider the new collateral amount added which lead to it breaking the invariant of collateral cap.
0xPwnd
Medium
Insufficient Collateral Cap Check Allowing Collateral Overflow
Summary
The vulnerability is in the
depositfunction. When performing a collateral cap check for user deposits, the function does not consider the newly deposited collateral amount in the user's balance. This can result in the user's total collateral surpassing the allowed collateral cap.Vulnerability Detail
the issue lies with this check
which doesn't consider the new collateral amount added which lead to it breaking the invariant of collateral cap.
Impact
Breaking the collateral cap
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/8a1a01804a7de7f73a04d794bf6b8104528681ad/elfi-perp-contracts/contracts/process/AssetsProcess.sol#L81-L117
Tool used
Manual Review
Recommendation
Add the new collateralAmount to the cap check
Duplicate of #262