Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0x37 - Traders may decrease their trading loss via mint/burn #12

Closed
sherlock-admin4 opened this issue Sep 9, 2024 · 5 comments
Closed

0x37 - Traders may decrease their trading loss via mint/burn #12

sherlock-admin4 opened this issue Sep 9, 2024 · 5 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Escalation Resolved This issue's escalations have been approved/rejected High A High severity issue. Reward A payout will be made for this issue

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented Sep 9, 2024
edited by WangSecurity
Loading

0x37

High

Traders may decrease their trading loss via mint/burn

Summary

When traders have some trading loss, they can decrease their trading loss via mint LP before closing position and burn LP after closing position.

Vulnerability Detail

When traders open one position with long or short size, traders have some negative unrealized Pnl. When traders close their positions, LP holders as traders' counterparty, will take traders' loss as their profits.
The problem is that there is not any limitation for mint()/burn() functions. Traders can make use of this problem to decrease their trading loss.
For example:

  1. Alice opens one Long position in BTC/USDT market.
  2. BTC price decreases and Alice's long position has some negative Pnl.
  3. Alice wants to close her position.
  4. Alice borrows one huge amount of BTC/USDT and mint in this BTC/USDT market to own lots of shares.
  5. Alice closes her position and her loss will become LP's profit, this will increase LP share's price.
  6. Alice burns her share with one higher share price.

In this way, Alice can avoid most of her trading loss.

Impact

Traders have ways to avoid trading loss. This means that LPs will lose some profits that they deserve.

Code Snippet

https://github.com/sherlock-audit/2024-08-velar-artha/blob/main/gl-sherlock/contracts/core.vy#L154-L226

Tool used

Manual Review

Recommendation

Add one LP locking mechanism. When someone mints some shares in the market, he cannot burn his shares immediately. After a cool down period, he can burn his shares.

Duplicate of #94
@github-actions github-actions bot added the Medium A Medium severity issue. label Sep 11, 2024
@sherlock-admin3 sherlock-admin3 changed the title Amateur Nylon Canary - Traders may decrease their trading loss via mint/burn 0x37 - Traders may decrease their trading loss via mint/burn Sep 11, 2024
@sherlock-admin3 sherlock-admin3 added the Reward A payout will be made for this issue label Sep 11, 2024
@msheikhattari
Copy link

Escalate

Duplicate of #50 - the underlying issue is the same undistributed LP rewards.

@sherlock-admin3
Copy link
Contributor

Escalate

Duplicate of #50 - the underlying issue is the same undistributed LP rewards.

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

@sherlock-admin4 sherlock-admin4 added the Escalated This issue contains a pending escalation label Sep 12, 2024
@WangSecurity
Copy link

This issue is more of a duplicate of #94 and describes the same scenario. Hence planning to accept the escalation and duplicate with #94. Let me know if I miss anything here.

@WangSecurity WangSecurity added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. and removed Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A Medium severity issue. labels Sep 19, 2024
@WangSecurity
Copy link

WangSecurity commented Sep 24, 2024
edited
Loading

Result:
High
Duplicate of #94

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Sep 24, 2024
edited
Loading

Escalations have been resolved successfully!

Escalation status:

@sherlock-admin3 sherlock-admin3 removed the Escalated This issue contains a pending escalation label Sep 24, 2024
@sherlock-admin4 sherlock-admin4 added the Escalation Resolved This issue's escalations have been approved/rejected label Sep 24, 2024
@sabatha7 sabatha7 mentioned this issue Oct 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Escalation Resolved This issue's escalations have been approved/rejected High A High severity issue. Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@msheikhattari @WangSecurity @sherlock-admin2 @sherlock-admin3 @sherlock-admin4