Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Insufficient Validation on Size Delta

Jan

Summary

The contract SettlementBranch.sol has several Insufficient Validation on Size Delta.

Vulnerability Details

In the _fillOrder method, the sizeDeltaX18 parameter, which represents the size of the order, is directly added to the oldPositionSizeX18 without any checks. This could potentially result in an overflow error if sizeDeltaX18 is an enormous value.

Similar risks are associated with other places in the contract where size deltas are used without proper validation.

For example in the _fillOrder function:

FillOrderContext memory ctx;
...
ctx.oldPositionSizeX18 = sd59x18(oldPosition.size);
ctx.newPosition = Position.Data({
size: ctx.oldPositionSizeX18.add(sizeDeltaX18).intoInt256(),
lastInteractionPrice: fillPriceX18.intoUint128(),
lastInteractionFundingFeePerUnit: ctx.fundingFeePerUnitX18.intoInt256().toInt128()
});
ctx.newPositionSizeX18 = sd59x18(ctx.newPosition.size);

Impact

This could potentially result in an overflow error if sizeDeltaX18 is an enormous value.

Tools Used

Manual Review

Recommendations

Adding size delta values directly can lead to overflow risks. To prevent this, before proceeding with the operations involving sizeDeltaX18, ensure that the value is within a certain reasonable range.

Secondly, use SafeMath operations or check for overflows explicitly to prevent any potential issues. Implementing checks will help ensure that calculations involving these deltas do not result in overflow.

Updates

Lead Judging Commences

inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.