The long open interest may exceed the max open interest limit #273
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-377
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/PairsContract.sol#L142
Vulnerability details
Impact
In contract PairsContract, when updating the max open interest limit _idToOi[_asset][_tigAsset].maxOi, the contract did not check the long open interests of existing assets. This may result in the fact that some long open interests of existing assets will be higher than the allowed max open interest limit. This confuses the market.
Proof of Concept
Put the below test under describe('Protocol-only functions', function () { in test file: 02.PairsContract.js.
Tools Used
Manual audit.
Recommended Mitigation Steps
Set the max open interest limit as constant/immutable, or adopt some strategies that can keep consistency between existing long open interests and the max open interest limit.
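A minimal sketch of the gap described above next to one consistency strategy from the mitigation, added here as an example; it is not the Tigris PairsContract code. Only `_idToOi` and `maxOi` come from the report; the contract name, the `longOi` field and every function name are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model, not the Tigris PairsContract. Only the _idToOi mapping
// and its maxOi field are named in the report; everything else is assumed.
contract OpenInterestLimitSketch {
    struct OpenInterest {
        uint256 longOi; // long interest currently open
        uint256 maxOi;  // configured cap
    }

    address public immutable owner;
    // asset id => margin token => open interest bookkeeping
    mapping(uint256 => mapping(address => OpenInterest)) internal _idToOi;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "!owner");
        _;
    }

    // The cap is enforced only when a position is opened.
    // (This sketch reuses onlyOwner here; a real deployment would restrict
    // this path to the trading contract.)
    function increaseLongOi(uint256 _asset, address _tigAsset, uint256 _amount) external onlyOwner {
        OpenInterest storage oi = _idToOi[_asset][_tigAsset];
        require(oi.longOi + _amount <= oi.maxOi, "MaxLongOi");
        oi.longOi += _amount;
    }

    // Behaviour described in the report: the cap is overwritten without
    // looking at longOi, so longOi > maxOi becomes a reachable state.
    function setMaxOiUnchecked(uint256 _asset, address _tigAsset, uint256 _maxOi) external onlyOwner {
        _idToOi[_asset][_tigAsset].maxOi = _maxOi;
    }

    // One consistency strategy: refuse a cap below what is already open.
    function setMaxOiChecked(uint256 _asset, address _tigAsset, uint256 _maxOi) external onlyOwner {
        OpenInterest storage oi = _idToOi[_asset][_tigAsset];
        require(_maxOi >= oi.longOi, "maxOi < longOi");
        oi.maxOi = _maxOi;
    }

    // Invariant a test or monitor can assert after every state change.
    function withinLimit(uint256 _asset, address _tigAsset) external view returns (bool) {
        OpenInterest storage oi = _idToOi[_asset][_tigAsset];
        return oi.longOi <= oi.maxOi;
    }
}
```

With a cap of 100 and 80 open, `setMaxOiUnchecked(..., 50)` leaves `withinLimit` returning false, while `setMaxOiChecked(..., 50)` reverts and the invariant holds.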