Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Next trader with bigger profit than the last won't get usdTokens

sancybars

Summary

Whenever a Trader crates an order and it's being settled if the user had a positive Pnl it is credited back to the Trader.The credit to the trader is made in `USD`, `Usd` already deposited into the contract from a previous traders profit.

This can lead to most profitable traders not recieving the credit they deserve. This is because when the amount `usd ` in the exact amount from a previous traders profit.

Vulnerability Details

if (ctx.pnlUsdX18.gt(SD59x18_ZERO)) {

ctx.marginToAddX18 = ctx.pnlUsdX18.intoUD60x18();

tradingAccount.deposit(ctx.usdToken, ctx.marginToAddX18);

LimitedMintingERC20(ctx.usdToken).mint(address(this), ctx.marginToAddX18.intoUint256());

}

For example; first trader `ctx.marginToAddX18` is 100 usd and there's 120 USD in the contract the first trader will get 100usd deposited to their collateral margin and that same exact 100usd is minted back to the contract.

If the second trader comes trying to claim a profit of 200usd this will fail ass there's only 120 USD left in the contract.

Note:: If `USD` will be sent directly to the contract it might get too much than needed for credit getting them stuck in the contract as there's now way to recover such tokens. Adviced way to credit users is stated in the recommendation.

Impact

Profitable users who profit than the previous trader won't be able to claim profits when adjusting their positions .

Tools Used

Manual Review

Recommendations

Check the contract balance in `usd` if it's enough to cover the credit if it's not enough mint the exact amount need to cover the credit, this will ensure there's no excess USD left in the contract.

// if trader's old position had positive pnl then credit that to the trader

if (pnlUsdX18.gt(SD59x18_ZERO)) {

UD60x18 marginToAddX18 = pnlUsdX18.intoUD60x18();

// Check the contract's balance of USD tokens

uint256 contractUsdBalance = IERC20(usdToken).balanceOf(address(this));

uint256 marginToAdd = marginToAddX18.intoUint256();

// If the contract balance is insufficient, mint the necessary amount

if (contractUsdBalance < marginToAdd) {

uint256 amountToMint = marginToAdd - contractUsdBalance;

LimitedMintingERC20(usdToken).mint(address(this), amountToMint);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge

about 1 year ago

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.