Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Positive pnl deposit can make the totalDeposited collateral type exceed the max and prevent futher user deposit

inzinko

Summary

When filling orders after do all calculations the function _fillOrder tries to deposit the positive pnl to the user, balance but it does not take into account that the pnl deposit might make it go over the max and prevent deposit from other users

Vulnerability Details

SettlementBranch::_fillOrder L484

if (ctx.pnlUsdX18.gt(SD59x18_ZERO)) {

ctx.marginToAddX18 = ctx.pnlUsdX18.intoUD60x18();

tradingAccount.deposit(ctx.usdToken, ctx.marginToAddX18);

//M-04 Here a deposit here make the maxCollateral execced the max this will make it break an ivariant and make subsequent deposit fail

As seen it tries to deposit without the check of the depositMargin of the TradingAccountBranch where it took into account of the deposit cap

UD60x18 totalCollateralDepositedX18 = ud60x18(marginCollateralConfiguration.totalDeposited);

// enforce converted amount > 0

_requireAmountNotZero(amountX18);

// enforce new deposit + already deposited <= deposit cap

_requireEnoughDepositCap(collateralType, amountX18, depositCapX18, totalCollateralDepositedX18);

When the call to TradingAccount::deposit is made the check is not there so it updates the marginCollateraType balance which might exceed the max and prevent further deposits

TradingAccount::deposit L389

...more code

MarginCollateralConfiguration.Data storage marginCollateralConfiguration =

MarginCollateralConfiguration.load(collateralType);

// update total deposited for this collateral type

marginCollateralConfiguration.totalDeposited =

ud60x18(marginCollateralConfiguration.totalDeposited).add(amountX18).intoUint256()

Impact

Futher deposit of other users can be prevented and also max deposits variable can be exceeded

Tools Used

Manual Review

Recommendations

A check to prevent the max deposit from being exceeded in the _fillOrder function

Updates

Lead Judging Commences

inallhonesty Lead Judge

11 months ago

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.