# Boost \_ IDEX 34428 - \[Smart Contract - Insight] Incorrect Condition in validateExitQuoteQuantityAndC

Submitted on Mon Aug 12 2024 10:15:39 GMT-0400 (Atlantic Standard Time) by @holydevoti0n for [Boost | IDEX](https://immunefi.com/bounty/boost-idex/)

Report ID: #34428

Report type: Smart Contract

Report severity: Insight

Target: <https://github.com/idexio/idex-contracts-ikon/blob/main/contracts/libraries/Withdrawing.sol>

Impacts:

* Contract fails to deliver promised returns, but doesn't lose value

## Description

## Brief/Intro

The \`\`validateExitQuoteQuantityAndCoerceIfNeeded\` function is intended to handle small negative values resulting from rounding errors by coercing them to zero, allowing wallet positions to be closed out correctly. However, there is a discrepancy between the implemented logic and the comments provided in the code.

<https://github.com/idexio/idex-contracts-ikon/blob/a4bfee2cb80daec8ba22ee926a13884807d0a94a/contracts/libraries/Withdrawing.sol#L290>

```solidity
Math.abs(walletQuoteQuantityToWithdraw) <= Constants.MINIMUM_QUOTE_QUANTITY_VALIDATION_THRESHOLD
```

According to the comments here: <https://github.com/idexio/idex-contracts-ikon/blob/a4bfee2cb80daec8ba22ee926a13884807d0a94a/contracts/libraries/Constants.sol#L67-L68>

"Positions SMALLER than this threshold will skip quote quantity validation for Position Below Minimum liquidations and skip non-negative total quote validation Wallet Exits"

## Vulnerability Details

According to the comments, positions smaller than the `Constants.MINIMUM_QUOTE_QUANTITY_VALIDATION_THRESHOLD` should skip quote quantity validation. However, the current implementation uses a `<=` comparison, which may incorrectly coerce values that are exactly equal to the threshold, rather than values strictly less than the threshold.

## Impact Details

This discrepancy could lead to unexpected behavior where positions with a quote quantity exactly equal to the `MINIMUM_QUOTE_QUANTITY_VALIDATION_THRESHOLD` are coerced to zero, potentially skipping necessary validations. This could result in incorrect handling of wallet exits or position liquidations, particularly in edge cases.

## Recommendations

To align the logic with the intended behavior as described in the comments, the condition should be modified from `<=` to `<`:

```diff
- Math.abs(walletQuoteQuantityToWithdraw) <= Constants.MINIMUM_QUOTE_QUANTITY_VALIDATION_THRESHOLD
+ Math.abs(walletQuoteQuantityToWithdraw) < Constants.MINIMUM_QUOTE_QUANTITY_VALIDATION_THRESHOLD

```

## Proof of concept

## Proof of Concept

On the file `exits.ts` add the following test inside the `validateExitQuoteQuantityAndCoerceIfNeeded` closure:

```
expect(
          (
            await withdrawExitValidationsMock.validateExitQuoteQuantityAndCoerceIfNeeded(
              false,
              -10000, // @audit value is == `MINIMUM_QUOTE_QUANTITY_VALIDATION_THRESHOLD`
            )
          ).toString(),
        ).to.equal('0');
```

And run: `npx hardhat test test/exits.ts`

Output: test succeeds but it should revert as -10000 is not smaller than `MINIMUM_QUOTE_QUANTITY_VALIDATION_THRESHOLD`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/idex/boost-_-idex-34428-smart-contract-insight-incorrect-condition-in-validateexitquotequantityandcoercei.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.