DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Valid

Function checkLiquidatableAccounts does not account for liquidation fees, resulting in unexpected results

Summary

Function checkLiquidatableAccounts does not account for liquidation fees, resulting in unexpected results.

Vulnerability Details

The function checkLiquidatableAccounts checks whether an account can be liquidated. It is declared here:

https://github.com/Cyfrin/2024-07-zaros/blob/35b344033dbf37de76a53783de4d74187f88c3e7/src/perpetuals/branches/LiquidationBranch.sol#L42-L45

    function checkLiquidatableAccounts(
        uint256 lowerBound,
        uint256 upperBound
    )

It performs the check like this:

https://github.com/Cyfrin/2024-07-zaros/blob/35b344033dbf37de76a53783de4d74187f88c3e7/src/perpetuals/branches/LiquidationBranch.sol#L81-L84

    // account can be liquidated if requiredMargin > marginBalance
    if (TradingAccount.isLiquidatable(requiredMaintenanceMarginUsdX18, marginBalanceUsdX18)) {
        liquidatableAccountsIds[i] = tradingAccountId;
    }

However, this is incorrect, as the documented liquidation formula accounts for the liquidation fee:

https://docs.zaros.fi/overview/products/perpetuals-dex/liquidation

isLiquidatable = requiredMM + liquidationFeeUsd ≥ marginBalanceUsd

This means that in some instances the function can report an account as safe when it really is not.
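The mismatch described above, as an added example that is not code from the Zaros repository or from this submission: a standalone contract that applies both comparisons to the same accounts and returns the ids that only the documented formula flags. The contract, its function names, the flat `liquidationFeeUsd`, the half-open `[lowerBound, upperBound)` range and the plain 1e18-scaled integers used in place of the project's fixed-point types are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Zaros code. Names are hypothetical; plain 1e18-scaled
// integers stand in for the project's fixed-point types.
contract LiquidationCheckExample {
    struct Account {
        uint128 id;
        uint128 requiredMM;       // required maintenance margin, USD (1e18)
        int256 marginBalanceUsd;  // may be negative
    }

    Account[] internal accounts;
    uint128 public immutable liquidationFeeUsd; // assumed flat fee, USD (1e18)

    constructor(uint128 fee) {
        liquidationFeeUsd = fee;
    }

    function addAccount(uint128 id, uint128 requiredMM, int256 marginBalanceUsd) external {
        accounts.push(Account(id, requiredMM, marginBalanceUsd));
    }

    // The check as the quoted comment states it: requiredMargin > marginBalance.
    function liquidatableIgnoringFee(Account memory a) public pure returns (bool) {
        return int256(uint256(a.requiredMM)) > a.marginBalanceUsd;
    }

    // The documented formula: requiredMM + liquidationFeeUsd >= marginBalanceUsd.
    function liquidatableWithFee(Account memory a) public view returns (bool) {
        return int256(uint256(a.requiredMM) + liquidationFeeUsd) >= a.marginBalanceUsd;
    }

    // Ids in [lowerBound, upperBound) that the fee-less check reports as safe
    // although the documented formula marks them liquidatable; other slots stay 0.
    function missedAccounts(uint256 lowerBound, uint256 upperBound)
        external view returns (uint128[] memory missed)
    {
        require(lowerBound <= upperBound && upperBound <= accounts.length, "bad bounds");
        missed = new uint128[](upperBound - lowerBound);
        for (uint256 i = lowerBound; i < upperBound; i++) {
            Account memory a = accounts[i];
            if (liquidatableWithFee(a) && !liquidatableIgnoringFee(a)) {
                missed[i - lowerBound] = a.id;
            }
        }
    }
}
```

With a fee of 5e18 and a required margin of 100e18, any account whose margin balance lies between 100e18 and 105e18 inclusive appears in `missedAccounts`; the lower boundary is included because the quoted check uses a strict `>` while the documented formula uses `≥`.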

Impact

The function can return the wrong information, which can mislead users.

Tools Used

Manual Review

Recommendations

Add the liquidation fee in checkLiquidatableAccounts.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Liquidation doesn't take the liquidation fee in consideration inside the isLiquidatable check
