GitHub
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/GlobalConfigurationBranch.sol#L286-L341

Summary

The configureSystemParameters function does not impose explicit limits on the liquidationFeeUsdX18, and the fee's default value is set during the contract's configuration. Changes to liquidationFeeUsdX18 directly affect the fees applied during the liquidation of accounts, influencing both the incentives for liquidators and the remaining collateral for liquidated accounts. This lack of explicit limits and sudden changes to fees can lead to user dissatisfaction and trust issues.

Note: Please do note that this functionality is managed by the admin, who is a trusted entity. However the fee change is a legitimate process and not a malicious act carried out by an untrusted admin.

Impact

Changes to liquidationFeeUsdX18 after the initial configuration can lead to discrepancies between user expectations & actual fees charged during liquidation. Users opening positions under a lower fee structure may be unexpectedly charged higher fees if the fee is increased. This impacts user trust, perceived fairness, and economic outcomes for liquidated accounts.

Proof of Concept

1. Let say Admin sets liquidationFeeUsdX18 to $2 initially.

2. The DEX goes live with millions of open positions based on this fee.

3. Now Admin changes liquidationFeeUsdX18 to $5 to increase liquidator incentives.

4. Positions that were opened under the $2 fee structure are now subject to a $5 fee upon liquidation. Users, expecting to be charged $2, are instead charged $5, leading to unexpected higher costs.

Recommendation

While there is no one solid solution for this issue but here is what I have in mind:

1. For the limit issue implement explicit limits on how much liquidationFeeUsdX18 can be changed within a specific period.

2. And for the fee impact, consider locking in the fee for the duration of a user's position, ensuring the fee at the time of opening remains constant until the position is closed or liquidated.

3. Ensure any changes to fees are transparent and well-communicated, ideally through a DAO voting mechanism where users have a say in the changes.

4. Develop a mechanism to stagger fee changes or introduce them gradually to minimize sudden impacts on users.