Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

getAccountEquityUsd does take open position into account, in contradiction with the function's NatSpec description.

tutkata

Vulnerability Details

The function TradingAccount::getAccountEquityUsd has the following comment:

/// @dev This function doesn't take open positions into account.

However, the function returns the user's total collateral + the unrealized PnL of his active positions. Clearly, it is also taking open positions into account, as that is where the unrealized PnL comes from.

Impact

No clear impact, but NatSpec is part of the protocol documentation, so there should be no mistakes there, so that users and developers are not misled.

Tools Used

Manual Review

Recommendations

Make sure the comments are consistent with the implementation.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.