VaultReader::getPositionInfo() reverts when absolute value of negative basePnlUsd is more than netValue
Vulnerability Details
There are possibilities that In case of sudden price drop in high leverage vault, The value of basePnlUsd in function getPositionInfo() become negative such that its absolute value become greater than netValue.
In such case Retrieving of position information will not be possible due to function call revert.
Impact
Fetching info related to current open position and total value of vault in terms of collateral token won't be possible. In case these value needed offchain for calculation or liquidation purposes will be affected.
Tools Used
Manual
Recommendations
Handle case when negative netvalue cause function revert to prevent further loss incase of further price depriciation.
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.