Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

The depositor can lose funds because of unsafe function.

danielarmstrong

Summary

The protocol used unsafe transfer() function for collateral token.

Vulnerability Details

PerpetualVault.sol#_transferToken() function is as follows.

function _transferToken(uint256 depositId, uint256 amount) internal {
uint256 fee;
if (amount > depositInfo[depositId].amount) {
fee = (amount - depositInfo[depositId].amount) * governanceFee / BASIS_POINTS_DIVISOR;
if (fee > 0) {
collateralToken.safeTransfer(treasury, fee);
}
}
@> try collateralToken.transfer(depositInfo[depositId].recipient, amount - fee) {}
catch {
1173@>collateralToken.transfer(treasury, amount - fee);
emit TokenTranferFailed(depositInfo[depositId].recipient, amount - fee);
}
totalDepositAmount -= depositInfo[depositId].amount;
emit GovernanceFeeCollected(address(collateralToken), fee);
}

In spite of legitimate user, some tokens may revert by unsafe transfer() function.
In this case, the depositor loses funds.
And L1173 is reverted, too.
Threfore, the keeper has to cancel flow in case of multi-step withdraw.

Impact

The depositor loses funds unexpectedly because of unsafe transfer() function in protocol.
And the keeper has to cancel flow in case of multi-step withdraw to recover protocol from unable flow.

Tools Used

Manual Review

Recommendations

Modify PerpetualVault.sol#_transferToken() function as follows.

function _transferToken(uint256 depositId, uint256 amount) internal {
uint256 fee;
if (amount > depositInfo[depositId].amount) {
fee = (amount - depositInfo[depositId].amount) * governanceFee / BASIS_POINTS_DIVISOR;
if (fee > 0) {
collateralToken.safeTransfer(treasury, fee);
}
}
-- try collateralToken.transfer(depositInfo[depositId].recipient, amount - fee) {}
++ try collateralToken.safeTransfer(depositInfo[depositId].recipient, amount - fee) {}
catch {
-- collateralToken.transfer(treasury, amount - fee);
++ collateralToken.safeTransfer(treasury, amount - fee);
emit TokenTranferFailed(depositInfo[depositId].recipient, amount - fee);
}
totalDepositAmount -= depositInfo[depositId].amount;
emit GovernanceFeeCollected(address(collateralToken), fee);
}
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!