0xNazgul
medium
According to the Perpetual Protocols vault documentation one can only withdraw upto one's freeCollateral.
vault.withdraw()
is used across PerpDepository.sol
to withdraw assets from the Perpetual Protocols vault. However, in their docs it states:
"When withdrawing collaterals, one can withdraw the amount up to one's freeCollateral. This ensures that one's positions are always sufficiently collateralized."
None of the vault.withdraw()
calls check if the amount being withdrawn is less than freeCollateral
.
This could cause unwanted behavior and even put the protocol at risk.
PerpDepository.sol#L219
, PerpDepository.sol#L300
, PerpDepository.sol#L498
, PerpDepository.sol#L638
Manual Review
Consider adding something similar before each call of vault.withdraw()
:
uint256 freeCollateral = vault.getFreeCollateral(address(this));
if(amount > freeCollateral) {
vault.withdraw(TOKEN, freeCollateral);
} else {
vault.withdraw(TOKEN, amount);
}