Assessment reports > Alkimiya > High findings > Simultaneous pool starting and closing is possible
Category: Coding Mistakes

Simultaneous pool starting and closing is possible

High Severity
High Impact
Low Likelihood

Description

The startPool and endPool functions are called to record the index balance at the moments the pool starts and ends. These values are used to calculate the balanceChangePerShare amount required to make payments to shareholders. The design assumes that the pool stays open for a certain period of time. However, because the endPool function does not check how long the pool was actually open, it is possible to start and end the pool at the same time.

Impact

In this case, the indexBalance at the moment of ending the pool and the indexInitialBalance at the moment of starting the pool will be equal, so grossBalanceChangePerShare returns zero. The _balanceChangePerShare function is then guaranteed to return the floor value as balanceChangePerShare. As a result, payouts for long positions will predictably be equal to zero.

function grossBalanceChangePerShare(
    uint256 indexBalance,
    uint256 indexInitialBalance,
    uint256 indexShares,
    uint256 indexDecimals
) internal pure returns (uint256) {
    require(indexShares > 0, "Index shares must be greater than zero");
    return ((indexBalance - indexInitialBalance) * 10 ** indexDecimals) / indexShares;
}

function _balanceChangePerShare(uint256 floor, uint256 cap, uint256 grossBalanceChangePerShare)
    internal
    pure
    returns (uint256)
{
    return max(floor, min(cap, grossBalanceChangePerShare));
}

Recommendations

We recommend adding a check to the endPool function for the minimum duration during which the pool was open.
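One way such a check could look, as an added sketch that is not Alkimiya's code or the fix the project shipped. The contract name, MIN_DURATION and its value, the custom errors, the storage layout and the function signatures are all assumptions; balances are passed as parameters and access control is omitted to keep the sketch self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a minimal stand-in for the pool, not the audited contract.
// Every name other than startPool/endPool and the index* values is hypothetical.
contract PoolDurationSketch {
    uint256 public constant MIN_DURATION = 1 days; // assumed value

    uint256 public startedAt;             // timestamp recorded by startPool
    uint256 public indexInitialBalance;   // index balance at pool start
    uint256 public balanceChangePerShare; // settled value used for payouts
    bool public ended;

    error PoolNotStarted();
    error PoolAlreadyStarted();
    error PoolAlreadyEnded();
    error PoolTooShort(uint256 elapsed, uint256 required);

    function startPool(uint256 indexBalance) external {
        if (startedAt != 0) revert PoolAlreadyStarted();
        startedAt = block.timestamp;
        indexInitialBalance = indexBalance;
    }

    function endPool(
        uint256 indexBalance,
        uint256 indexShares,
        uint256 indexDecimals,
        uint256 floor,
        uint256 cap
    ) external {
        if (startedAt == 0) revert PoolNotStarted();
        if (ended) revert PoolAlreadyEnded();

        // Minimum-duration check. Without it, endPool can run in the same
        // block as startPool, indexBalance equals indexInitialBalance, the
        // gross change is zero and the settled value collapses to `floor`.
        uint256 elapsed = block.timestamp - startedAt;
        if (elapsed < MIN_DURATION) revert PoolTooShort(elapsed, MIN_DURATION);

        require(indexShares > 0, "Index shares must be greater than zero");
        // Same arithmetic as grossBalanceChangePerShare and _balanceChangePerShare.
        uint256 gross = ((indexBalance - indexInitialBalance) * 10 ** indexDecimals) / indexShares;
        uint256 capped = gross < cap ? gross : cap;
        balanceChangePerShare = capped > floor ? capped : floor;
        ended = true;
    }
}
```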

Remediation

Zellic © 2025