DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

`_fillOrder` does not check against `depositCap` when depositing margin for positive PnL

Summary

In the `_fillOrder` function, when settling PnL, if the PnL is positive, USDz is minted and then deposited into the trading account's margin via `tradingAccount.deposit`. However, the code does not check whether this deposit would exceed the `depositCap` limit.

Vulnerability Details

As shown in the code below, before executing `tradingAccount.deposit(ctx.usdToken, ctx.marginToAddX18)`, there is no check to ensure that depositing `ctx.marginToAddX18` tokens does not exceed the `depositCap` limit:

```solidity
// if trader's old position had positive pnl then credit that to the trader
if (ctx.pnlUsdX18.gt(SD59x18_ZERO)) {
    ctx.marginToAddX18 = ctx.pnlUsdX18.intoUD60x18();
@>  tradingAccount.deposit(ctx.usdToken, ctx.marginToAddX18);
    // mint settlement tokens credited to trader; tokens are minted to
    // address(this) since they have been credited to trader's deposited collateral
    //
    // NOTE: testnet only - this call will be updated once the Market Making Engine is finalized
    LimitedMintingERC20(ctx.usdToken).mint(address(this), ctx.marginToAddX18.intoUint256());
}
```

Impact

In `_fillOrder`, when PnL is positive, the margin deposited may exceed the `depositCap`.

Tools Used

manual

Recommendations

It is recommended to add a `_requireEnoughDepositCap()` check before executing `tradingAccount.deposit(ctx.usdToken, ctx.marginToAddX18)`.

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
