Submission Details
Severity:
`LiquidationKeeper:getConfig()` returns incomplete information
Summary
The LiquidationKeeper:getConfig() function is incomplete and does not return the forwarder address.
Vulnerability Details
Both MarketOrderKeeper and LiquidationKeeper inherit BaseKeeper:
contract MarketOrderKeeper is ILogAutomation, IStreamsLookupCompatible, BaseKeeper {
//..
contract LiquidationKeeper is IAutomationCompatible, BaseKeeper {
Therefore MarketOrderKeeper:getConfig() is implemeted as follows:
function getConfig()
external
view
returns (address keeperOwner, address forwarder, address perpsEngine, uint128 marketId)
{
>> BaseKeeperStorage storage baseKeeperStorage = _getBaseKeeperStorage();
MarketOrderKeeperStorage storage self = _getMarketOrderKeeperStorage();
keeperOwner = owner();
>> forwarder = baseKeeperStorage.forwarder;
perpsEngine = address(self.perpsEngine);
marketId = self.marketId;
}
As seen, this function returns all config parameters including baseKeeperStorage.forwarder.
However, LiquidationKeeper:getConfig() fails to include this:
function getConfig() external view returns (address keeperOwner, address perpsEngine) {
LiquidationKeeperStorage storage self = _getLiquidationKeeperStorage();
keeperOwner = owner();
perpsEngine = address(self.perpsEngine);
// @audit-info Missing `forwarder` address
}
As seen, baseKeeperStorage.forwarder is not returned here.
Impact
Incomplete config data returned by getConfig().
Tools Used
Manual Review
Recommendations
Modify LiquidationKeeper:getConfig() as follows:
- function getConfig() external view returns (address keeperOwner, address perpsEngine) {
+ function getConfig() external view returns (address keeperOwner, address forwarder, address perpsEngine) {
+ BaseKeeperStorage storage baseKeeperStorage = _getBaseKeeperStorage();
LiquidationKeeperStorage storage self = _getLiquidationKeeperStorage();
keeperOwner = owner();
+ forwarder = baseKeeperStorage.forwarder;
perpsEngine = address(self.perpsEngine);
}
Updates
Prize pool breakdown
Total prize
60,000 USDC
nSLOC
2,87821 USDC / LOC
50,000 USDC
5,500 USDC
4,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.