`LiquidationBranch.liquidateAccounts()` always sets `openInterest` and `skew` of Market to 0
Summary
During liquidation it forgets to calculate new values of openInterest and skew. As a result it sets 0 values.
Vulnerability Details
Here it sets values which are never initialized:
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/LiquidationBranch.sol#L209
Impact
Liquidation resets openInterest and skew of markets with which liquidated account is associated. It completely messes up the core mechanic of protocol. At least it has following consequences:
OpenInterest and skew limits don't work. That's security mechanic to save LP's from big losses, described here: https://discord.com/channels/1127263608246636635/1260120972636327977/1265346773862584483
Positions can't be closed. That's because
openInterestis reduced and therefore underflow: because previously it was reset to 0.MarkPrice is incorrectly calculated because of resetted
skew.Funding velocity is incorrectly calculated and hence fundingRate is incorrect. That's because
skewwas resetted.Order fees are incorrectly applied. That's because of
skewreset.
Tools Used
Manual Review
Recommendations
Calculate values for ctx.newOpenInterestX18 and ctx.newSkewX18 in advance before setting them to storage.
Lead Judging Commences
`liquidateAccounts` calls `updateOpenInterest` with uninitialized OI and skew)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.