Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Incorrect share calculation for opened 1x leverage position in `PerpetualVault`

y4y

Summary

In PerpetualVault contract, user deposit and get shares based on deposited amount, the calculation of shares minted varies from position state and leverage value. When there is an opened position with 1x leverage, the minted share calculated is incorrect.

Vulnerability Details

Here in the part of perpetualVault::_mint:

function _mint(

uint256 depositId,

uint256 amount,

bool refundFee,

MarketPrices memory prices

) internal {

uint256 _shares;

if (totalShares == 0) {

_shares = depositInfo[depositId].amount * 1e8;

} else {

uint256 totalAmountBefore;

if (positionIsClosed == false && _isLongOneLeverage(beenLong)) {

totalAmountBefore =

IERC20(indexToken).balanceOf(address(this)) -

amount;

} else {

totalAmountBefore = _totalAmount(prices) - amount;

}

if (totalAmountBefore == 0) totalAmountBefore = 1;

_shares = (amount * totalShares) / totalAmountBefore;

}

We see, when position is opened, and is 1x leverage, totalAmountBefore is derived from balance of index token. The both amount and totalAmountBefore are used for share calculation. When vault is first deployed, most likely there isn't an opened position, and users deposit with positionIsClosed being true, their shares are calculated with amount of collateral token deposited. Now, for 1x leverage position, it's using totalShares, but accounting amount of index token, this is mixing up both shares from index tokens and collateral tokens.

For example, Alice deposited 1000 collateral tokens, with shares being 1000, totalShares being 10000, and totalAmountBefore also being 10000. Later, a position has been opened, and Bob deposited again, this time with 20 index token (about same value of 1000 collateral tokens), when totalAmountBefore in index token's balance is 40. So Bob would get 20 * 11000 / 40 = 5500 shares, which is way more than Alice's shares, despite having same value in collateral tokens.

Impact

Shares are calculated incorrectly for opened 1x leverage position, and will give later users more shares than intended.

Tools Used

Manual review

Recommendations

For total amount calculation, consider converting index token amount to collateral token's equivalent, then use converted amount for share calculation.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!