DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Invalid

It's impossible for users to open maximum allowed positions per account

Summary

It's impossible for users to open maximum allowed positions per account because of the wrong check in validatePositionsLimit():

activePositionsLength >= maxPositionsPerAccount

Vulnerability Details

One function of validatePositionsLimit() is to ensure an account doesn't open more than the maximum allowed positions. Hence this check:

if (activePositionsLength >= maxPositionsPerAccount) {
    revert Errors.MaxPositionsPerAccountReached(self.id, activePositionsLength, maxPositionsPerAccount);
}

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/leaves/TradingAccount.sol#L98C6-L100C10

However, the use of "=" in the check means an account cannot open the maximum allowed number of positions. For example:

If an account is allowed a maximum of 9 positions, then with the present check in validatePositionsLimit() the account cannot open 9 positions, only 8, whereas 9 is the maximum number of positions an account is allowed to open.

Impact

An account will not be able to open the maximum allowed number of positions because of the wrong check in validatePositionsLimit().

Tools Used

Manual review

Recommendations

The check should be written this way:

if (activePositionsLength > maxPositionsPerAccount) {
    revert Errors.MaxPositionsPerAccountReached(self.id, activePositionsLength, maxPositionsPerAccount);
}
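How many positions either comparison permits depends on whether the check sees the position count before or after the new position is added, which the quoted snippet alone does not show. The following Python model is an added example, not code from the submission or from the Zaros repository; `positions_opened`, `boundary_table` and the `check_before_insert` flag are hypothetical names, and the call-site ordering is an assumption that has to be confirmed against the contract.

```python
"""Boundary model of the position-limit check (constructed; not Zaros code)."""
import operator


class MaxPositionsPerAccountReached(Exception):
    """Stand-in for the Errors.MaxPositionsPerAccountReached revert."""


def validate_positions_limit(active_len, max_positions, cmp):
    # Same shape as the quoted check: revert when cmp(active, max) holds.
    if cmp(active_len, max_positions):
        raise MaxPositionsPerAccountReached(active_len, max_positions)


def positions_opened(max_positions, cmp, check_before_insert):
    """Open new positions one at a time; return how many succeed.

    check_before_insert is an ASSUMPTION about the call site:
      True  -> the check sees the count before the new position is added
      False -> the check sees the count after the new position is added
    """
    active = 0
    for _ in range(max_positions + 3):  # keep trying past the limit
        seen = active if check_before_insert else active + 1
        try:
            validate_positions_limit(seen, max_positions, cmp)
        except MaxPositionsPerAccountReached:
            break  # a revert leaves the account state unchanged
        active += 1
    return active


def boundary_table(max_positions=9):
    """Positions reachable for each (comparison, call-site ordering) pair."""
    comparisons = {">=": operator.ge, ">": operator.gt}
    orderings = {"before insert": True, "after insert": False}
    return {
        (sym, when): positions_opened(max_positions, cmp, before)
        for sym, cmp in comparisons.items()
        for when, before in orderings.items()
    }


if __name__ == "__main__":
    for (sym, when), opened in boundary_table(9).items():
        print(f"check `{sym}` run {when}: {opened} positions opened (max 9)")
```

A boundary test of this shape against the real call site (open positions up to the limit, then attempt one more) is the check that settles which of the four cases applies.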

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

It's impossible for users to open maximum allowed positions per account, drop the equal in `activePositionsLength >= maxPositionsPerAccount`
