Incorrect Margin Calculation in createOrderRequest Function Leading to Potential Inaccurate Margin Holdings
Summary
The vulnerability exists in the createOrderRequest function where it assigns the order margin directly without converting it to USD for non-native tokens. This could result in inaccurate margin holdings, especially for cross-margin orders involving various tokens, leading to potential financial inaccuracies and risks for the protocol.
Vulnerability Detail
imagine this scenario
Bob deposits 100 sol
he creates a crossMargin order request with order margin of 100 sol
then this line executes
if (Order.PositionSide.INCREASE == params.posSide && order.isCrossMargin) {
accountProps.addOrderHoldInUsd(orderMargin);
}
which in this doesn't convert the orderMargin which is 100 sol to it's usd value which may lead to inaccuracies in margin calculations
0xPwnd
High
Incorrect Margin Calculation in createOrderRequest Function Leading to Potential Inaccurate Margin Holdings
Summary
The vulnerability exists in the
createOrderRequest
function where it assigns the order margin directly without converting it to USD for non-native tokens. This could result in inaccurate margin holdings, especially for cross-margin orders involving various tokens, leading to potential financial inaccuracies and risks for the protocol.Vulnerability Detail
imagine this scenario
Impact
Inaccuracies in margin calculations
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/8a1a01804a7de7f73a04d794bf6b8104528681ad/elfi-perp-contracts/contracts/process/OrderProcess.sol#L47-L100
Tool used
Manual Review
Recommendation
Verify the margin token and do the usd conversion in case if the margin token is not a stablecoin