positive pnl is not taken into account in the calculation of collateralDeltaAmount before calling _createDecreasePosition
Summary
When a user withdraws his depositId, the positive PNL (profit and loss) associated with the position is not taken into account. This results in the user not receiving the full amount, including the profit due, when withdrawing funds. Moreover, in some cases it can block withdrawals completely.
Vulnerability Details
_withdraw: Responsible for processing user withdrawals. It calculates the collateralDeltaAmount.
Only negative PnL is taken into account, positive PnL is not added when calculating collateralDeltaAmount. Users do not receive their due share of profits when withdrawing funds.
Impact
Failure to consider a positive PNL when calculating collateralDeltaAmount before calling _createDecreasePosition() may result in users not receiving the full amount due on withdrawal because a portion of their profit will not be included in the calculation of the position reduction amount. However, a negative PnL is taken into account when calculating.
Tools Used
Manual
Recommendations
calculate with positive PnL
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.