Users could be unable to close their positions in a certain case
Summary
Users could be unable to close their positions in a certain case
Vulnerability Details
Whenever a user's order is filled, we have this function:
The function checks whether the size delta of the order is high enough and reverts otherwise. Imagine the following scenario:
Bob creates a long position of 15 tokens, exactly equal to the minimum trade size
An admin changes the minimum trade size to 20 tokens
Bob can't close his position as the minimum is 20 tokens and his position is of only 15 tokens
Even if we assume that admins would never do such a thing under any circumstances, it can still happen under normal conditions. Bob decides to create a position, an admin changes the minimum trade size and his transaction goes through before Bob's. Then, the issue above will occur. The admin didn't mean to do so however things like that can happen and there is no protection against it.
Impact
Users could be unable to close their positions in a certain case
Tools Used
Manual Review
Recommendations
Remove that check altogether as the function still checks for the actual new order size and it would revert if it is below the minimum and not 0.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.