DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Wrong function is used to get sizeInTokens in VaultReader contract.

Summary

At a number of places in the VaultReader contract, sizeInTokens is obtained with getPositionSizeInUsd(key), which returns sizeInUsd, instead of the available getPositionSizeInTokens(key), which actually returns the position's size in tokens (sizeInTokens).

Vulnerability Details

In the functions getPositionInfo, getNegativeFundingFeeAmount and getPnl of the VaultReader contract, getPositionSizeInUsd(key) is used, which returns the position size in USD (sizeInUsd), instead of the available getPositionSizeInTokens(key), which actually returns the position's size in tokens (sizeInTokens).

https://github.com/CodeHawks-Contests/2025-02-gamma/blob/84b9da452fc84762378481fa39b4087b10bab5e0/contracts/VaultReader.sol#L48-L54

    function getPositionInfo(
        bytes32 key,
        MarketPrices memory prices
    ) external view returns (PositionData memory) {
        uint256 sizeInTokens = getPositionSizeInUsd(key); //@audit: erroneous line
        if (sizeInTokens == 0) {
            return PositionData({

https://github.com/CodeHawks-Contests/2025-02-gamma/blob/84b9da452fc84762378481fa39b4087b10bab5e0/contracts/VaultReader.sol#L195-L208

     * @return sizeInUsd The size of the position in USD.
     */
    function getPositionSizeInUsd(bytes32 key) public view returns (uint256 sizeInUsd) {
        sizeInUsd = dataStore.getUint(keccak256(abi.encode(key, SIZE_IN_USD)));
    }
    /**
     * @notice Retrieves the position size in tokens for a given key.
     * @param key The key representing the position.
     * @return sizeInTokens The size of the position in tokens.
     */
    function getPositionSizeInTokens(bytes32 key) public view returns (uint256 sizeInTokens) {
        sizeInTokens = dataStore.getUint(keccak256(abi.encode(key, SIZE_IN_TOKENS)));
    }

Tools Used

Manual Review

Recommendations

Consider replacing getPositionSizeInUsd(key) with getPositionSizeInTokens(key) in the aforementioned 3 functions, as shown here for the function getPositionInfo:

    function getPositionInfo(
        bytes32 key,
        MarketPrices memory prices
    ) external view returns (PositionData memory) {
        uint256 sizeInTokens = getPositionSizeInTokens(key); //@audit: corrected line
        if (sizeInTokens == 0) {
            return PositionData({
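
An added example, not part of the submission or the Gamma code base: a small Python lint that flags assignments where the unit suffix in the variable name (InUsd / InTokens) disagrees with the suffix of the getter it is assigned from, which is the mismatch reported above. The Solidity sample is constructed from the snippets on this page, and the names unit_of and find_unit_mismatches are hypothetical.

```python
import re

# Unit suffixes in identifiers. Assumption: the InUsd / InTokens naming
# used by the VaultReader getters quoted on this page.
UNIT = re.compile(r"In(Usd|Tokens)")
# "<lhs> = [obj.]<callee>(" ; the (?!=) keeps "==" comparisons out.
ASSIGN = re.compile(r"(\w+)\s*=(?!=)\s*(?:\w+\.)*(\w+)\s*\(")

# Constructed sample: the reported line, the recommended line, and a raw
# dataStore read whose callee carries no unit suffix.
SAMPLE = """\
function getPositionInfo(bytes32 key) external view returns (uint256) {
    uint256 sizeInTokens = getPositionSizeInUsd(key); // reported line
    if (sizeInTokens == 0) { return 0; }
    uint256 fixedSizeInTokens = getPositionSizeInTokens(key); // recommended
    uint256 sizeInUsd = dataStore.getUint(keccak256(abi.encode(key, SIZE_IN_USD)));
    return sizeInTokens;
}
"""


def unit_of(name):
    """Return 'usd' or 'tokens' if the identifier names a unit, else None."""
    m = UNIT.search(name)
    return m.group(1).lower() if m else None


def find_unit_mismatches(source):
    """Return (line_number, variable, getter) for each unit-suffix mismatch."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # ignore trailing line comments
        for lhs, callee in ASSIGN.findall(code):
            lhs_unit, callee_unit = unit_of(lhs), unit_of(callee)
            # Flag only when both sides name a unit and the units differ.
            if lhs_unit and callee_unit and lhs_unit != callee_unit:
                findings.append((lineno, lhs, callee))
    return findings


if __name__ == "__main__":
    for lineno, lhs, callee in find_unit_mismatches(SAMPLE):
        print(f"line {lineno}: '{lhs}' is assigned from '{callee}'")
```
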

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_getPosition_sizeInTokens_value_in_USD

Only check if there are no tokens. Checking if USD is 0 is equivalent. There is no problem here, even if the variable has an incorrect name: Informational.
