Upgraded Q -> 2 from #37 [1703589922038] #64
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-44
satisfactory
satisfies C4 submission criteria; eligible for awards
Judge has assessed an item in Issue #37 as 2 risk. The relevant finding follows:
[L-02] openPosition() maybe underflow
in openPosition() -> Base.swap()
...
(cache.amountSpent, cache.amountReceived) = Base.swap(
cache.tokenFrom,
cache.tokenTo,
params.amountSwap,
@> collateralTo - cache.amountToBorrowed - params.marginTo, // amount needed to meet requirement
DEX_AGGREGATOR,
params.data
);
The formula collateralTo - cache.amountToBorrowed - params.marginTo may underflow.
This is especially true if the user wants to increase token0PremiumPortion, thereby transferring to marginTo.
For example: (price outOfRange) collateralTo = 100 amountToBorrowed = 100 marginTo = 10 (want to set token0PremiumPortion >10%)
collateralTo - amountToBorrowed - marginTo will underflow.
Suggestions:
The text was updated successfully, but these errors were encountered: