DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

Potential Exploitation of Position Management & Funding Fee Calculations in `TradingAccountBranch` contract

Summary: Attackers can manipulate position sizes and funding fee calculations by strategically placing trades through front running, potentially leading to unfair advantages and financial harm to other users.

Vulnerability Details: The contract's mechanisms for calculating mark prices, notional values, and funding fees are susceptible to manipulation. By executing large or timed trades, attackers can influence these calculations in their favor. This could result in skewed margin requirements and unrealized profit/loss figures that benefit the attacker while disadvantaging others.

Vulnerable Areas:
One. Mark Price Calculation:

```solidity
@> UD60x18 markPrice = perpMarket.getMarkPrice(unary(sd59x18(position.size)), indexPrice);
```

Two. Funding Fee Per Unit Determination:
Link

Three. Margin Requirement Adjustments: Recalculation based on updated positions

Four. Unrealised PnL Impacts: Sudden large trades influence subsequent adjustments, indirectly benefiting attackers to the detriment of the others involved.

Impact: One. Financial Loss: Other users may suffer financial losses due to manipulated market conditions.

Two. Unfair Advantage: Attackers gain an unfair advantage over honest traders.

Tools Used: Manual Review

Recommendations: One. Time-weighted Average Price (TWAP): Use TWAP price calculations to mitigate short-term manipulations.

Two. Slippage Protection: Allow users to specify acceptable slippage limits to prevent significant deviations from intended execution prices.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
