Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0x37 - Later LP holders can get one part of previous LP holders' borrowing fee #19

Closed
sherlock-admin2 opened this issue Sep 9, 2024 · 0 comments
Closed

0x37 - Later LP holders can get one part of previous LP holders' borrowing fee #19

sherlock-admin2 opened this issue Sep 9, 2024 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Sep 9, 2024
edited by sherlock-admin3
Loading

0x37

Medium

Later LP holders can get one part of previous LP holders' borrowing fee

Summary

Later LP holders can get one part of previous LP holders' borrowing fee because of the improper share price calculation.

Vulnerability Detail

When someone wants to mint some shares in one market, share's price will be calculated based on current total reserve's value and total supply.
LP holders will get some borrowing fees if traders open positions with leverage. When users close their positions, they will pay their borrowing fees and increase the share's price.
The problem is that when one LP wants to mint some shares, current total_reserves does not involve unrealized borrowing fees. This will cause new LP holders can mint shares via one cheaper share price than expected. They will share one part of borrowing fee which is generated before they mint shares.

@external
@view
def calc_mint(
  id          : uint256,
  base_amt    : uint256,
  quote_amt   : uint256,
  total_supply: uint256,
  ctx         : Ctx) -> uint256:
  pv: uint256 = self.MATH.value(Pools(self).total_reserves(id), ctx).total_as_quote
  mv: uint256 = self.MATH.value(Tokens({base: base_amt, quote: quote_amt}), ctx).total_as_quote
  return Pools(self).f(mv, pv, total_supply)

Impact

Later LP holders can get one part of previous LP holders' borrowing fee because of the improper share price calculation.

Code Snippet

https://github.com/sherlock-audit/2024-08-velar-artha/blob/main/gl-sherlock/contracts/core.vy#L154-L188

Tool used

Manual Review

Recommendation

When we calculate the share's price, add the unrealized accured borrowing fee into current reserve.

Duplicate of #50
@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A Medium severity issue. labels Sep 11, 2024
@sherlock-admin3 sherlock-admin3 changed the title Amateur Nylon Canary - Later LP holders can get one part of previous LP holders' borrowing fee 0x37 - Later LP holders can get one part of previous LP holders' borrowing fee Sep 11, 2024
@sherlock-admin3 sherlock-admin3 added the Reward A payout will be made for this issue label Sep 11, 2024
@WangSecurity WangSecurity removed the Medium A Medium severity issue. label Oct 12, 2024
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Reward A payout will be made for this issue labels Oct 12, 2024
@sherlock-admin3 sherlock-admin3 removed the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Oct 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@WangSecurity @sherlock-admin2 @sherlock-admin3