Summary

In LiquidationBranch, in function liquidateAccounts there is a critical flaw in the liquidation process where the protocol recovers only the requiredMaintenanceMarginUsdX18 and not the full loss incurred by the tradingAccount.

Vulnerability Details

Example Scenario

1. Trader's Position:

   • Initial collateral: $10,000.

   • Position value: $50,000 (leveraged position 5x).

   • Maintenance margin requirement: 5% of position value

2. Adverse Market Movement:

   • The position incurs a loss of $7905.

   • The current collateral value drops to $10,000 - $7905 = $2095.

   • Maintenance margin requirement: (50000 - 7905) * 5% = $2104.75

   • Margin balance becomes negative, triggering liquidation since it is below the maintenance margin requirement.

The protocol only deducts requiredMaintenanceMarginUsdX18and not the loses by the trader. Due to this, trader would still have lot of collateral unaffected even with liquidation.

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/LiquidationBranch.sol#L152-L161

Impact

This leads to a scenario where a trader retains most of their collateral even after liquidation. Hence, due to liquidation, only small part of user's collateral will be seized while all losing positions of trader will be closed.

Tools Used

Manual analysis

Recommendations

The liquidation process should be updated to recover both the required maintenance margin and the actual trading losses incurred by the trader.