DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

Attacker can grief depositing by sending the cap amount of collateral tokens

Summary

Attacker can grief depositing by sending the cap amount of collateral tokens.

Vulnerability Details

A user can deposit margin only when the deposit cap has not been reached.

// enforce new deposit + already deposited <= deposit cap
_requireEnoughDepositCap(collateralType, amountX18, depositCapX18, totalCollateralDepositedX18);

An attacker can deposit collateral up to the depositCapX18. As a result, no one else can deposit collateral into the contract.

Impact

No fee is charged on deposit or withdrawal, hence a resourced attacker can perform the grief attack without taking any risk.
Users may not be able to open new positions, and until the admin raises the deposit cap, their existing positions are subject to liquidation, as they cannot deposit funds to keep their margin balance above the maintenance margin.

Tools Used

Manual Review

Recommendations

Instead of using a total deposit cap, please consider setting an individual deposit cap for each account.
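
The check quoted under Vulnerability Details and the per-account cap proposed above, side by side in a minimal accounting model. This is an added example, not code from the audited project: the contract, function and error names are hypothetical, amounts are plain uint256 rather than the project's X18 values, and no tokens are moved.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the audited project's code. All names are hypothetical,
// amounts are plain uint256, and only the accounting is modelled (no transfers).
contract DepositCapSketch {
    uint256 public immutable totalCap;      // global cap, as in the quoted check
    uint256 public immutable perAccountCap; // per-account cap (the recommendation)
    uint256 public totalDeposited;
    mapping(address => uint256) public depositedBy;

    error TotalCapExceeded(uint256 requested, uint256 remaining);
    error AccountCapExceeded(uint256 requested, uint256 remaining);

    constructor(uint256 totalCap_, uint256 perAccountCap_) {
        totalCap = totalCap_;
        perAccountCap = perAccountCap_;
    }

    // Total cap only: new deposit + already deposited <= deposit cap.
    function depositTotalCapOnly(uint256 amount) external {
        _requireTotalCap(amount);
        _credit(msg.sender, amount);
    }

    // Total cap plus a per-account cap: one account can hold at most perAccountCap.
    function depositWithAccountCap(uint256 amount) external {
        uint256 used = depositedBy[msg.sender];
        uint256 left = used >= perAccountCap ? 0 : perAccountCap - used;
        if (amount > left) revert AccountCapExceeded(amount, left);
        _requireTotalCap(amount);
        _credit(msg.sender, amount);
    }

    // Withdrawing frees headroom under both caps.
    function withdraw(uint256 amount) external {
        depositedBy[msg.sender] -= amount; // checked math reverts if amount > balance
        totalDeposited -= amount;
    }

    function _requireTotalCap(uint256 amount) private view {
        uint256 left = totalCap - totalDeposited; // invariant: totalDeposited <= totalCap
        if (amount > left) revert TotalCapExceeded(amount, left);
    }

    function _credit(address account, uint256 amount) private {
        depositedBy[account] += amount;
        totalDeposited += amount;
    }
}
```

A per-account limit only binds an actor to the extent that accounts are costly to create, which is why the sketch keeps the total cap check alongside it.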

Updates

Lead Judging Commences

inallhonesty Lead Judge
12 months ago
inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

h2134 Submitter
11 months ago
inallhonesty Lead Judge
11 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
