This repository has been archived by the owner on May 26, 2023. It is now read-only.
hansfriese - PerpDepository._rebalanceNegativePnlWithSwap() shouldn't use a sqrtPriceLimitX96 twice.
#425
Labels
Medium: A valid Medium severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid
Will Fix: The sponsor confirmed this issue will be fixed
hansfriese
medium
PerpDepository._rebalanceNegativePnlWithSwap() shouldn't use a sqrtPriceLimitX96 twice.
Summary
PerpDepository._rebalanceNegativePnlWithSwap() shouldn't use a sqrtPriceLimitX96 twice.
Vulnerability Detail
Currently, _rebalanceNegativePnlWithSwap() uses a sqrtPriceLimitX96 param twice for placing a perp order and swapping.
In _placePerpOrder(), it uses the Uniswap pool inside the perp protocol and uses a spotSwapper for the second swap which is for Uniswap as well.
But as we can see here, Uniswap V3 introduces multiple pools for each token pair and 2 pools might be different and I think it's not good to use the same sqrtPriceLimitX96 for different pools.
Also, I think it's not mandatory to check a sqrtPriceLimitX96 as it checks amountOutMinimum already. (It checks amountOutMinimum only in _openLong() and _openShort().)
Impact
PerpDepository._rebalanceNegativePnlWithSwap() might revert when it should work as it uses the same sqrtPriceLimitX96 for different pools.
Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L478
Tool used
Manual Review
Recommendation
I think we can use the sqrtPriceLimitX96 param for one pool only and it would be enough as there is an amountOutMinimum condition.
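The revert described under Impact, as an added example (not code from the UXD repository or from the report): a Python model of the Uniswap V3 pool's sqrtPriceLimitX96 precondition, run against two constructed pool states. The pool prices, the shared limit, the swap direction and the helper names are assumptions made for the illustration.

```python
from math import isqrt

# Bounds from Uniswap V3's TickMath library.
MIN_SQRT_RATIO = 4295128739
MAX_SQRT_RATIO = 1461446703485210103287273052203988822378723970342

def sqrt_price_x96(amount1: int, amount0: int) -> int:
    """sqrt(token1 / token0) as a Q64.96 fixed-point integer."""
    return isqrt((amount1 << 192) // amount0)

def limit_accepted(current: int, limit: int, zero_for_one: bool) -> bool:
    """Model of the pool's swap() precondition that reverts with 'SPL'."""
    if zero_for_one:  # price moves down, so the limit must sit below it
        return MIN_SQRT_RATIO < limit < current
    return current < limit < MAX_SQRT_RATIO  # price moves up

def no_limit(zero_for_one: bool) -> int:
    """Boundary value Uniswap's SwapRouter substitutes when the caller
    passes sqrtPriceLimitX96 == 0, i.e. no price limit on that leg."""
    return MIN_SQRT_RATIO + 1 if zero_for_one else MAX_SQRT_RATIO - 1

def check_legs(legs, limits):
    """Return, per leg, whether the pool would accept the given limit."""
    return [limit_accepted(cur, lim, zfo)
            for (cur, zfo), lim in zip(legs, limits)]

# Constructed state: two pools for the same pair, same swap direction,
# current prices 1500 and 1480 (token1 per token0).
PERP_LEG = (sqrt_price_x96(1500, 1), True)
SPOT_LEG = (sqrt_price_x96(1480, 1), True)
LEGS = [PERP_LEG, SPOT_LEG]

# One caller-supplied limit (price 1492.5) reused for both legs: it is
# below the first pool's price but above the second's, so leg 2 reverts.
SHARED = sqrt_price_x96(14925, 10)
SHARED_RESULT = check_legs(LEGS, [SHARED, SHARED])

# Limit applied to one pool only, as the report recommends; slippage on
# the other leg is then left to the amountOutMinimum check.
ONE_POOL_RESULT = check_legs(LEGS, [SHARED, no_limit(True)])

if __name__ == "__main__":
    print("same limit on both legs:", SHARED_RESULT)
    print("limit on one leg only:  ", ONE_POOL_RESULT)
```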