Dopex - 0xHelium's results

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/b174dcd7b68a5372d7b9a97c9dd50895e742689c/contracts/perp-vault/PerpetualAtlanticVault.sol#L237-L241 https://github.com/code-423n4/2023-08-dopex/blob/b174dcd7b68a5372d7b9a97c9dd50895e742689c/contracts/perp-vault/PerpetualAtlanticVault.sol#L101

Vulnerability details

Impact

No calculation of fundingDuration in updateFundingDuration() leads to critical bug. fundingDuration is later used in calculateFunding() to calculate the funding of options for the next epoch. This will return an incorrect fundingAmount in the process puting protocol and users funds in a critical state.

Proof of Concept

actual code is

    uint256 public  fundingDuration = 7 days;

    function updateFundingDuration(
    uint256 _fundingDuration
  ) external onlyRole(DEFAULT_ADMIN_ROLE) {
    fundingDuration = _fundingDuration ;
  }

if you call at first fundingDuration it returns 7 days in uint (604800), now let's update the fundingDuration, by calling updateFundingDuration with any uint: let says 10 ( for 10 days ). now call fundingDuration to get the updated fundingDuration. It will return just 10 and not 10 days in uint.

Tools Used

manual review and remix

Recommended Mitigation Steps

update the function to properly update the fundingDuration. if you want to interpret a function parameter in days, you can in the following way:

function f(uint start, uint daysAfter) public {
    if (block.timestamp >= start + daysAfter * 1 days) {
      // ...
    }
}

so applied to this contract you should update the function to be :

function updateFundingDuration(
    uint256 _fundingDuration
  ) external  {
    fundingDuration = _fundingDuration  * 1 days ;
  }

this updated code will properly set the fundingDuration to the expected corresponding uint. for eg: updateFundingDuration(10) will return 864000 which is the correct value.

Assessed type

Invalid Validation