Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The long and short open interests can be larger than the max open interest limit #370

Closed
code423n4 opened this issue Dec 16, 2022 · 8 comments
Closed

The long and short open interests can be larger than the max open interest limit #370

code423n4 opened this issue Dec 16, 2022 · 8 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-377 satisfactory satisfies C4 submission criteria; eligible for awards sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/PairsContract.sol#L139-L143

Vulnerability details

Impact

The max open interest limit updating function setMaxOi didn't verify the new max open interest limit against existing long/short open interests. The consequence is that the existing assets' long/short open interests may exceed the reduced max open interest limit. This breaks the business logic: the max open interest limit is not supposed to be exceeded.

Proof of Concept

In the test file: 02.PairsContract.js, add below test in Section describe('Protocol-only functions', function () :

    it('Reduce max open interest limit to lower than short/long open interest', async function () {
        //@audit added
        await pairscontract.connect(owner).addAsset(99, 'XYZ/ABC', ethers.constants.AddressZero, ethers.utils.parseEther('1'), ethers.utils.parseEther('100'), 1e10, 3e9);
        await pairscontract.connect(owner).setProtocol(NewTrading.address);
        await pairscontract.connect(owner).setMaxOi(99, StableToken.address, ethers.utils.parseEther('2000'));
        await pairscontract.connect(NewTrading).modifyLongOi(99, StableToken.address, true, ethers.utils.parseEther('500'));
        await pairscontract.connect(NewTrading).modifyShortOi(99, StableToken.address, true, ethers.utils.parseEther('2000'));
        let [longOi, shortOi] = await pairscontract.idToOi(99, StableToken.address);
        expect(longOi).to.equal(ethers.utils.parseEther('500'));
        expect(shortOi).to.equal(ethers.utils.parseEther('2000'));
        await expect(pairscontract.connect(owner).setMaxOi(99, StableToken.address, ethers.utils.parseEther('100'))).not.to.be.reverted;
    });

Tools Used

N/A.

Recommended Mitigation Steps

One of the possible solution is to limit the max open interest limit to the maximum value of the existing assets' long/short open interests; or to set the max open interest limit as a constant.
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Dec 16, 2022
code423n4 added a commit that referenced this issue Dec 16, 2022
@code423n4
jadezti issue #370
324e570
@c4-judge
Copy link
Contributor

GalloDaSballo marked the issue as primary issue

@c4-judge c4-judge added the primary issue Highest quality submission among a set of duplicates label Dec 23, 2022
@GalloDaSballo
Copy link

Marginally better, but suspiciously similar to it's dups

This was referenced Dec 23, 2022
Closed
Closed
@TriHaz
Copy link

TriHaz commented Jan 10, 2023

I don't see any issue in that, if max OI is modified, the expected behaviour will be that no new positions will be opened until current OI decreases to less than the new max OI.

@c4-sponsor c4-sponsor added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Jan 10, 2023
@c4-sponsor
Copy link

TriHaz marked the issue as sponsor disputed

@GalloDaSballo
Copy link

The finding shows how the current value of OI can be above the max if the value for max is reduced.

The sponsor says that this will not cause issues as no new position will be opened.

If no liquidation nor MEV advantageous scenario can be created, I agree with the Sponsor and may keep the finding as QA at most
If an advantageous scenario can be identified I'll rate Med due to conditionality

Will dig deeper

@c4-judge c4-judge added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value downgraded by judge Judge downgraded the risk level of this issue and removed 3 (High Risk) Assets can be stolen/lost/compromised directly labels Jan 15, 2023
@c4-judge
Copy link
Contributor

GalloDaSballo changed the severity to 2 (Med Risk)

@c4-judge
Copy link
Contributor

GalloDaSballo marked the issue as duplicate of #377

@c4-judge c4-judge added duplicate-377 and removed primary issue Highest quality submission among a set of duplicates labels Jan 15, 2023
@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Jan 22, 2023
@c4-judge
Copy link
Contributor

GalloDaSballo marked the issue as satisfactory

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-377 satisfactory satisfies C4 submission criteria; eligible for awards sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@GalloDaSballo @code423n4 @c4-judge @c4-sponsor @TriHaz