Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updateHighWaterMark can never be set to 0 #45

Open
hats-bug-reporter bot opened this issue Jun 21, 2024 · 1 comment
Open

updateHighWaterMark can never be set to 0 #45

hats-bug-reporter bot opened this issue Jun 21, 2024 · 1 comment
Labels
medium

Comments

@hats-bug-reporter
Copy link

Github username: @@GiorgioDalla
Twitter username: 0xAuditism
Submission hash (on-chain): 0x96e86d275474ea167cfa18efd11b6625924c5beb02fe3a357d85dd8df72dc369
Severity: medium

Description:
Description
During the first deposit, the watermark is supposed to be set to 0, however the waterMark can never be set to 0 if it is >0 .
Attack Scenario
There is no attack involved. It is just that it is clearly the protocol's intent to put it back to 0 for the first deposit, however this cannot be done

Attachments

  1. Proof of Concept (PoC) File
    // If the total supply is zero, this is the first deposit, and tokens are minted based on the initial amount.
    if (_totalSupply == 0) {
      tokenAmount = assetManagementConfig().initialPortfolioAmount();
      // Reset the high watermark to zero if it's not the first deposit. //@note apparently this is just a mistake, this is supposed to happen.
  @>      feeModule().updateHighWaterMark(0);
    } else {
      // Calculate the amount of portfolio tokens to mint based on the deposit.
   tokenAmount = _getTokenAmountToMint(_depositRatio, _totalSupply);
    }

Here above we can clearly see that the intent is to set the waterMark to 0 when going through the first deposit.

  function _updateHighWaterMark(uint256 _currentPrice) internal {
    highWatermark = _currentPrice > highWatermark
      ? _currentPrice
      : highWatermark;
  }

Here above is the _updateHighWaterMark function that was called. However the waterMark is only set to the _currentPrice when it is bigger than the current highWatermark.
which means if highWatermark = 10, and _currentPrice = 0, the highWatermark won't budge

  1. Revised Code File (Optional)
    Since it is in the protocol's intention to have the highWatermark set to 0 when having the first deposit. Consider changing the function's logic accordingly.
function _updateHighWaterMark(uint256 _currentPrice) internal {
+ highWatermark = _currentPrice;
-    highWatermark = _currentPrice > highWatermark
-     ? _currentPrice
-     : highWatermark;
  }
@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Jun 21, 2024
@langnavina97 langnavina97 mentioned this issue Jul 5, 2024
Merged
@langnavina97
Copy link

Thank you for submitting the issue. We've resolved it and pushed the changes, which can be found here: Velvet-Capital@25ef3e7

@GiorgioDalla

@langnavina97 langnavina97 added low and removed bug Something isn't working labels Jul 15, 2024
@langnavina97 langnavina97 added medium and removed low labels Jul 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@langnavina97