Category: Coding Mistakes
Centralization risk — owner-controlled deposits to insurance fund using user allowances
Informational Severity
Informational Impact
N/A Likelihood
Description
The function insuranceFundDeposit(...), which can only be called by the contract owner or an admin, lets the caller pull USDC from any account that has approved the PerpManager. The debited account is a caller-supplied parameter rather than msg.sender, and the transfer is paid for by whatever allowance that account granted to the PerpManager. Specifically, the function executes:
function insuranceFundDeposit(address account, uint256 amount) external onlyOwnerOrAdmin {
    // `account` is chosen by the owner/admin, not by the account being debited
    _getClearingHouse().insuranceFund.deposit(account, amount);
}

function deposit(InsuranceFund storage self, address account, uint256 amount) internal {
    self.balance += amount;
    // pulls USDC from `account` using the allowance it granted to this contract
    USDC.safeTransferFrom(account, address(this), amount);
    emit InsuranceFundDeposit(account, amount);
}
This means that any user who has granted an allowance to the PerpManager (e.g., via approve() as part of normal trading) is at risk of having their USDC moved into the insurance fund by the owner or an admin without their consent or any action on their part. An ERC-20 allowance is not scoped to a purpose: the same approval that lets the PerpManager pull trading collateral also satisfies this safeTransferFrom.
Impact
A privileged actor (owner or admin) can move USDC from any approving user into the insurance fund, up to that user's remaining allowance and USDC balance, without the user's intent. The affected user has no on-chain signal that distinguishes this from a normal trading deposit other than the emitted InsuranceFundDeposit event.
Recommendations
Restrict insuranceFundDeposit to pulling funds only from the caller (msg.sender), so that the depositor's own transaction is the consent for the transfer.
Additionally, if depositing on behalf of other accounts is intended behavior, document it clearly to users so they can size the allowance they grant to the PerpManager accordingly.
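One way to apply the recommendation, shown here as an added example rather than the project's own code: the `account` parameter is removed and the depositor is always msg.sender, so the transaction that spends the allowance is sent by the account being debited. The library/contract layout, the `InsuranceFund` struct, the owner/admin storage, passing the USDC token into the library, and the extra permissionless `donateToInsuranceFund` function are assumptions made to keep the example self-contained; the project's `_getClearingHouse()` indirection is not modeled. It relies on OpenZeppelin's SafeERC20.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Stand-in for the insurance fund storage and deposit logic (assumed layout;
/// only the `balance` field and the deposit/emit sequence come from the finding).
library InsuranceFundLib {
    using SafeERC20 for IERC20;

    struct InsuranceFund {
        uint256 balance;
    }

    event InsuranceFundDeposit(address indexed from, uint256 amount);

    /// Hardened deposit: `from` must be the transaction sender. The calling
    /// contract passes msg.sender, so the allowance being spent always belongs
    /// to the account that authorized this specific call.
    function deposit(InsuranceFund storage self, IERC20 usdc, address from, uint256 amount) internal {
        require(amount > 0, "zero amount");
        self.balance += amount;
        // address(this) is the calling contract, since this is an internal library function
        usdc.safeTransferFrom(from, address(this), amount);
        emit InsuranceFundDeposit(from, amount);
    }
}

contract PerpManagerHardened {
    using InsuranceFundLib for InsuranceFundLib.InsuranceFund;

    IERC20 public immutable USDC;
    address public owner;
    mapping(address => bool) public isAdmin; // assumed admin bookkeeping
    InsuranceFundLib.InsuranceFund internal insuranceFund;

    constructor(IERC20 usdc) {
        USDC = usdc;
        owner = msg.sender;
    }

    modifier onlyOwnerOrAdmin() {
        require(msg.sender == owner || isAdmin[msg.sender], "not owner/admin");
        _;
    }

    function setAdmin(address who, bool enabled) external {
        require(msg.sender == owner, "not owner");
        isAdmin[who] = enabled;
    }

    /// Before (as described in the finding):
    ///   function insuranceFundDeposit(address account, uint256 amount) external onlyOwnerOrAdmin
    /// let the owner/admin name any account that had approved this contract.
    /// After: no `account` parameter; the depositor is always msg.sender.
    function insuranceFundDeposit(uint256 amount) external onlyOwnerOrAdmin {
        insuranceFund.deposit(USDC, msg.sender, amount);
    }

    /// Assumed extension: any account may top up the fund with its own USDC.
    /// The "deposit from self" invariant holds here as well, so no privileged
    /// role is needed to accept contributions.
    function donateToInsuranceFund(uint256 amount) external {
        insuranceFund.deposit(USDC, msg.sender, amount);
    }

    function insuranceFundBalance() external view returns (uint256) {
        return insuranceFund.balance;
    }
}
```

With this shape, a test that has a user approve the PerpManager and then has the owner attempt to deposit that user's USDC cannot be written against the hardened contract at all, because there is no parameter through which to name the user; the only way USDC reaches the fund is from the balance of whoever sends the transaction.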