This repository has been archived by the owner on Jan 7, 2024. It is now read-only.

shaka - Position can fall below minimum acceptable quote value after partial closing #185

Closed
sherlock-admin opened this issue Jul 3, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue


sherlock-admin commented Jul 3, 2023

shaka

medium

Position can fall below minimum acceptable quote value after partial closing

Summary

The remaining quote value is not checked when a partial cancellation of a position in the CANCEL_CLOSE_PENDING status is requested, which might lead to a situation where the remaining quote value is too low.

Vulnerability Detail

The protocol has a minimum acceptable quote value that tries to prevent the existence of quotes or positions with a value that is too small, which might descend into situations where there is no economic incentive to act on the position.

When creating a new quote, opening a position, requesting to close a position or closing a position, it is checked that the remaining quote value is not too low. However, when a partial cancellation of a position in the CANCEL_CLOSE_PENDING status is requested, the remaining quote value is not checked, which might lead to a situation where the remaining quote value is too low.

Impact

The remaining quote value might be too low, which might lead to a situation where there is no economic incentive to act on the position, creating a loss of funds for the user.

Code Snippet

https://github.com/sherlock-audit/2023-06-symmetrical/blob/main/symmio-core/contracts/libraries/LibQuote.sol#L195-L207

Tool used

Manual Review

Recommendation

        } else if (
            quote.quoteStatus == QuoteStatus.CANCEL_CLOSE_PENDING || quote.quantityToClose == 0
        ) {
            quote.quoteStatus = QuoteStatus.OPENED;
            quote.requestedClosePrice = 0;
            quote.quantityToClose = 0; // for CANCEL_CLOSE_PENDING status
-       } else {
+       }
+       if (quote.closedAmount != quote.quantity && quote.quantityToClose > 0) {
            require(
                quote.lockedValues.total() >=
                    SymbolStorage.layout().symbols[quote.symbolId].minAcceptableQuoteValue,
                "LibQuote: Remaining quote value is low"
            );
        }
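
Review bot: the guard on the added `if (quote.closedAmount != quote.quantity && quote.quantityToClose > 0)` line can never be true after the `CANCEL_CLOSE_PENDING` branch, because that branch has just set `quote.quantityToClose = 0` (and is itself entered when `quantityToClose == 0`). The `require` on `minAcceptableQuoteValue` is therefore still skipped for the case this report describes. Consider guarding on `quote.closedAmount != quote.quantity` alone, or evaluating the condition before the reset. Turning the `else` into a standalone `if` also makes the check reachable after whichever branch precedes this `else if`, so it is worth confirming that this is intended and covered by a test.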

Duplicate of #248

@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jul 10, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jul 26, 2023