Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Insufficient Collateral Handling in `_handleReturn` Function

brene

Summary

The _handleReturn function is responsible for finalizing the withdrawal process by calculating the amount of funds to return to the user and transferring the funds. However, the function does not adequately handle the case where the remaining collateral balance is insufficient to cover the user's share of the withdrawal. This could lead to incorrect calculations potentially resulting in financial losses for users.

Vulnerability Details

The _handleReturn function calculates the withdrawal amount as:

function _handleReturn(uint256 withdrawn, bool positionClosed, bool refundFee) internal {
(uint256 depositId) = flowData;
uint256 shares = depositInfo[depositId].shares;
uint256 amount;
if (positionClosed) {
amount = collateralToken.balanceOf(address(this)) * shares / totalShares;
} else {
uint256 balanceBeforeWithdrawal = collateralToken.balanceOf(address(this)) - withdrawn;
>> amount = withdrawn + balanceBeforeWithdrawal * shares / totalShares;
}
//...SNIP...

If the remaining collateral balance is insufficient to cover the user's share (e.g., balanceBeforeWithdrawal * shares / totalShares > collateralToken.balanceOf(address(this))), the calculation of amount will be incorrect, also if withdrawn exceeds the current collateral balance, balanceBeforeWithdrawal will be negative, leading to underflow.
Example: If collateralToken.balanceOf(address(this)) is 1,000 USDC and withdrawn is 1,500 USDC, balanceBeforeWithdrawal will underflow, resulting in unexpected behavior.

Impact

Users may receive incorrect amounts, leading to financial losses. For example, a user might receive less than their fair share due to truncation or underflow.

Tools

Manual Review

Recommendations

Add a check to ensure that withdrawn does not exceed the current collateral balance.

+ if (withdrawn > collateralToken.balanceOf(address(this))) {
+ revert Error.InsufficientCollateral();
}
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!