Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Inaccurate Reporting of Liquidated Collateral Amount

bauchibred

Summary

The liquidateAccounts function in the LiquidationBranch contract incorrectly reports the amount of liquidated collateral by including the liquidation fee in the calculation. This leads to an overstatement of the liquidated collateral amount in liquidation events.

Vulnerability Details

Take a look at https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/LiquidationBranch.sol#L150-L161

ctx.liquidatedCollateralUsdX18 = tradingAccount.deductAccountMargin({
feeRecipients: FeeRecipients.Data({
marginCollateralRecipient: globalConfiguration.marginCollateralRecipient,
orderFeeRecipient: address(0),
settlementFeeRecipient: globalConfiguration.liquidationFeeRecipient
}),
pnlUsdX18: requiredMaintenanceMarginUsdX18,
orderFeeUsdX18: UD60x18_ZERO,
settlementFeeUsdX18: ctx.liquidationFeeUsdX18
});

The deductAccountMargin function returns the total amount deducted from the account, which includes both the required maintenance margin and the liquidation fee. However, this total amount is directly assigned to ctx.liquidatedCollateralUsdX18, which should only represent the actual collateral liquidated to cover the maintenance margin.

Impact

This bug results in an overstatement of the liquidated collateral amount in liquidation events. The reported liquidated collateral includes the liquidation fee, which is not actually part of the liquidated collateral but an additional charge. This can lead to:

  1. Inaccurate financial reporting and accounting of liquidation events.

  2. Potential misunderstanding by users or external systems relying on this data.

  3. Inconsistencies in protocol analytics and risk assessments.

The severity is medium, as it doesn't directly lead to fund loss but significantly impacts the accuracy of protocol data.

Tools Used

Manual review

Recommendations

To fix this issue, separate the liquidation fee from the actual liquidated collateral amount:

UD60x18 totalDeductedUsdX18 = tradingAccount.deductAccountMargin({
feeRecipients: FeeRecipients.Data({
marginCollateralRecipient: globalConfiguration.marginCollateralRecipient,
orderFeeRecipient: address(0),
settlementFeeRecipient: globalConfiguration.liquidationFeeRecipient
}),
pnlUsdX18: requiredMaintenanceMarginUsdX18,
orderFeeUsdX18: UD60x18_ZERO,
settlementFeeUsdX18: ctx.liquidationFeeUsdX18
});
// Calculate the actual liquidated collateral by subtracting the liquidation fee
ctx.liquidatedCollateralUsdX18 = totalDeductedUsdX18.sub(ctx.liquidationFeeUsdX18);

Additionally, consider adding a separate variable to track the liquidation fee for transparency:

ctx.actualLiquidationFeeUsdX18 = totalDeductedUsdX18.sub(ctx.liquidatedCollateralUsdX18);

Update the LogLiquidateAccount event to include both the liquidated collateral and the actual liquidation fee:

emit LogLiquidateAccount(
msg.sender,
ctx.tradingAccountId,
ctx.activeMarketsIds.length,
requiredMaintenanceMarginUsdX18.intoUint256(),
ctx.marginBalanceUsdX18.intoInt256(),
ctx.liquidatedCollateralUsdX18.intoUint256(),
ctx.actualLiquidationFeeUsdX18.intoUint128()
);

These changes will ensure accurate reporting of liquidated collateral and provide clear separation between the liquidated amount and the liquidation fee.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.