DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Big shorters could call shutdownMarket() instead of seeing themselves being liquidated and liquidate good CR shorts

llill

Summary

In this protocol we can shutdown a market if global collateral of an asset market falls under 1.1.
We can also flag a short if it's CR falls under 4 and liquidate it if it falls under 1.5.
So if a short falls under 1.1 and it brings with it the global CR also under 1.1 he could get liquidated or market could be shutdown.
A problem that could happen is that if a big shorter fall under 1.1 CR and bring AssetCollateralRatio under 1.1 too, he/she could call shutdownMarket and make honest shorters (with a CR > 1,5) lose money (sinking everyone instead of only himself/herself)

Vulnerability Details

For simplicity I will take an example of a market where there are 4 shorts on it but we could easily imagine a more complicated scenario with dozens of small shorts and one really big.

Imagine 3 shorts at T1 :

S1 = S2 = S3 :

ErcAmount = 2000
Price = 10
CR = 15
Collateral = 2000 * 10 * 15 = 300 000

S4 :

ErcAmount = 1 000 000
Price = 10
CR = 5
Collateral = 1 000 000 * 10 * 5 = 50 000 000

=> Global CR at T1 = (300 000 * 3) + 50 000 000 / (10 * ((2000 * 3) + 1 000 000)) = 5,059

and then at T2 price went up to 46 :

S1 = S2 = S3 :

ErcAmount = 2000
Price = 46
CR = 300 000 / (2000 * 46) = 3.260 => Eligible for flag but not secondary liquidation
Collateral = 300 000

S4 :

ErcAmount = 1 000 000
Price = 46
CR = 50 000 000 / (1 000 000 * 46) = 1,087 => Eligible for both flag and secondary liquidation
Collateral = 50 000 000

=> Global CR at T2 = (300 000 * 3) + 50 000 000 / (46 * ((2000 * 3) + 1 000 000)) = 1,099 => Eligible for market shutdown

As we can see one big short with a bad CR ( < 1.1 ) can impact global Asset CR and instead of being liquidated if price go up, he/she could bring good shorter with him/her instead of sinking on its own

Impact

A big shorter could prefer to sink everyone (including good CR shorters) instead of being liquidated

Tools Used

VS Code,excel

Recommendations

3 solutions could exist :

prevent shorters from calling marketShutDown()
Add a maximum ErcAmount when creating a short
Only punish shorters with really bad collateral (<1.1) by allowing good shorters to recover their collateral (or a part of )

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.