DittoETH
Ditto
DeFiFoundryOracle
55,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

collateral ratio can never be the max

0xCiphky

Summary

The protocol has a maximum collateral ratio (CR) set for shorts, which is enforced in two different places within the codebase: createLimitShort and increaseCollateral functions. However, there is a discrepancy in the implementation. The code checks whether the CR is greater than or equal to () the maximum allowed value, thus preventing users from ever reaching the exact maximum CR value.

function createLimitShort(
address asset,
uint80 price,
uint88 ercAmount,
MTypes.OrderHint[] memory orderHintArray,
uint16[] memory shortHintArray,
uint16 initialCR
) external isNotFrozen(asset) onlyValidAsset(asset) nonReentrant {
...
if (Asset.initialMargin > initialCR || cr >= Constants.CRATIO_MAX) {
revert Errors.InvalidInitialCR();
}
...
}
function increaseCollateral(address asset, uint8 id, uint88 amount)
external
isNotFrozen(asset)
nonReentrant
onlyValidShortRecord(asset, msg.sender, id)
{
...
if (cRatio >= Constants.CRATIO_MAX) revert Errors.CollateralHigherThanMax();
...
}

Vulnerability Details

The use of the operator instead of the > operator when comparing the CR with the Constants.CRATIO_MAX prevents users from setting a CR that is exactly equal to the maximum allowable CR, limiting them to values strictly less than the maximum.

Impact

The impact of this issue is relatively low, as it primarily affects the flexibility users have in setting the CR for their shorts.

Tools Used

Manual Analysis

Recommendations

Update the condition to use the > operator instead of , allowing users to set a CR exactly equal to Constants.CRATIO_MAX.

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-326

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.