DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Invalid

Missing Deposit Cap and Parameter Checks in Margin Addition Logic

Summary

In SettlementBranch, a vulnerability exists in the logic for adding margin to a trading account where profit and loss (PnL) is positive. The current implementation does not verify the deposit cap or other relevant parameters before depositing margin. This can lead to exceeding deposit limits and potential misuse of the system.

Vulnerability Details

The code directly deposits the margin without checking if the deposit will exceed the deposit cap.

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/SettlementBranch.sol#L482-L491

if (ctx.pnlUsdX18.gt(SD59x18_ZERO)) {
    ctx.marginToAddX18 = ctx.pnlUsdX18.intoUD60x18();
    tradingAccount.deposit(ctx.usdToken, ctx.marginToAddX18);
    // mint settlement tokens credited to trader; tokens are minted to
    // address(this) since they have been credited to trader's deposited collateral
    //
    // NOTE: testnet only - this call will be updated once the Market Making Engine is finalized
    LimitedMintingERC20(ctx.usdToken).mint(address(this), ctx.marginToAddX18.intoUint256());
}

Impact

The absence of a deposit cap check can lead to deposits exceeding the predefined limits, which can affect the overall risk management of the protocol.

Tools Used

Manual review

Recommendations

By adding the checks, the protocol can ensure that deposits are within the allowed limits, maintaining financial stability and preventing potential misuse.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
