pwning_dev - Potential DoS Attack via Integer Overflow

[sherlock-admin3]

pwning_dev

Medium

Potential DoS Attack via Integer Overflow

pwning_dev

Potential DoS Attack via Integer Overflow

Summary

In FeeProcess.sol, the _executeIncreaseOrderMargin function is vulnerable to a DoS attack if accountProps.getCrossAvailableValue() returns a negative value that could lead to unexpected behavior in fixOrderMarginInUsd.

Vulnerability Detail

If fixOrderMarginInUsd becomes zero or negative after adding order.orderMargin.toInt256(), the function may revert due to insufficient balance (revert Errors.BalanceNotEnough(account, marginToken)).

if (accountProps.getCrossAvailableValue() < 0) {
    int256 fixOrderMarginInUsd = order.orderMargin.toInt256() + accountProps.getCrossAvailableValue();
    if (fixOrderMarginInUsd <= 0) {
        revert Errors.BalanceNotEnough(account, marginToken);
    }
    accountProps.subOrderHoldInUsd(order.orderMargin);
    order.orderMargin = fixOrderMarginInUsd.toUint256();
}

Impact

if accountProps.getCrossAvailableValue() is negative,fixOrderMarginInUsd could result in an unintended large positive value or overflow. This value is then converted back to uint256 (order.orderMargin = fixOrderMarginInUsd.toUint256();), potentially causing the order margin to be set to an unintended and excessively large value. Such behavior could lead to unexpected contract state changes, excessive gas consumption, or even a contract revert due to insufficient gas or unexpected logic flow (revert Errors.BalanceNotEnough(account, marginToken)).

Code Snippet

https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/OrderProcess.sol#L273C4-L311C6

Tool used

Manual Review

Recommendation

[nevillehuang]

Invalid, as mentioned by the watson, because of this check here, overflow is never possible during conversion to int256