Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

shouldUseMaintenanceMargin Does Not Consider Positions Flipping Sides

giraffe0x

Summary

A position which is decreasing in size is afforded several benefits such as lower margin requirement. However, the codebase fails to consider a position which is decreasing but yet increasing in the opposite direction, providing a loophole to increase positions with lower margin requirements.

Vulnerability Detail

function createMarketOrder() {

...

ctx.shouldUseMaintenanceMargin = !Position.isIncreasing(params.tradingAccountId, params.marketId, params.sizeDelta)

&& ctx.isMarketWithActivePosition;

...

}

function isIncreasing() {

...

return self.size == 0 || (self.size > 0 && sizeDelta > 0) || (self.size < 0 && sizeDelta < 0);

// does not consider self.size > 0 && abs(sizeDelta) > self.size

...

}

A position is considered "decreasing" if:

self.size > 0 && sizeDelta < 0, which indicates a decreasing long position
self.size < 0 && sizeDelta > 0, which indicates a decreasing short position
But it fails to consider:
self.size > 0 && sizeDelta < 0 but abs(sizeDelta) > self.size which indicates both a decreasing long AND an increasing short
self.size < 0 && sizeDelta > 0 but abs(sizeDelta) > self.size which indicates both a decreasing short AND an increasing long

For example, creating a 1 ETH long position, then creating another -5 ETH short position is considered "decreasing" when it should be "increasing" in the short direction.

This loophole also allows traders to increase the size of their position even if market or settlement is disabled, since it relies on the isIncreasing function as well, see https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/SettlementBranch.sol#L376

Impact

Increasing a position indicates taking on more risk so the system requires the trader to meet initial margin. However, for the conditions shown above, a trader is increasing a position but is only required to meet maintenance margin. This introduces additional risk to the whole market and could cause bad debt if the maintenance margin is insufficient to cover losses during liquidations.

Traders can also increase positions even while market or settlement is disabled which can have serious consequences.

Code Snippet

https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/Position.sol#L171

Tool used

Manual Review

Recommendation

The following cases should be considered as increasing a position:

self.size > 0 && sizeDelta < 0 but abs(sizeDelta) > self.size
self.size < 0 && sizeDelta > 0 but abs(sizeDelta) > self.size

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Disable market limitation can be bypassed

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!