Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Maintenance Margin May Not Cover Losses During Liquidations

giraffe0x

Summary

During liquidation, the required Maintenance Margin(MM) is deducted from the trader's collateral regardless of how much the trade lost. There could be scenarios where MM does not cover the loss and bad debt is incurred.

Vulnerability Detail

In liquidateAccounts(), MM is deducted from the account's collateral:

ctx.liquidatedCollateralUsdX18 = tradingAccount.deductAccountMargin({

feeRecipients: FeeRecipients.Data({

marginCollateralRecipient: globalConfiguration.marginCollateralRecipient,

orderFeeRecipient: address(0),

settlementFeeRecipient: globalConfiguration.liquidationFeeRecipient

}),

pnlUsdX18: requiredMaintenanceMarginUsdX18, // MM deducted here

orderFeeUsdX18: UD60x18_ZERO,

settlementFeeUsdX18: ctx.liquidationFeeUsdX18

});

This assumes that MM is sufficient to cover potential losses but there could be scenarios where losses exceed MM due to:

Sharp drawdown in price during black swan events, and keepers cannot liquidate fast enough
Arbitrum sequencer downtime (see https://dedaub.com/blog/arbitrum-sequencer-outage/) such that liquidations cannot be performed temporarily

If losses exceed MM but only MM is deducted, then the trader benefits by being able to withdraw remaining collateral and avoid paying for his full losses. Consider this example:

Bob deposits $2,000 of collateral
Bob opens a $10,000 position which requires a 10% MM of $1,000
Due to a sharp price drawdown, Bob's position is in a loss of $1,100
Bob is liquidated but only $1,000 is taken from him
Bob withdraws the remaining $1,000 of collateral and avoids a $100 loss

On the other hand, there may be scenarios where the trader does not have any losses but due to collateral value decreasing, he is liquidated and has all collateral taken unfairly. Consider this example

Bob deposits $2,000 of ETH collateral
Required MM of $1,000
PnL of $0
Due to ETH price decrease, his collateral is worth $999
Bob is liquidated and loses all $999

Impact

Traders may be able to avoid the full extent of their losses and the counterparty to their trade (protocol / LPs) are deprived of potential profit.

Consider deducting only trading losses and fees, and return any remaining collateral.

Code Snippet

https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/LiquidationBranch.sol#L158

Tool used

Manual Review

Recommendation

Deduct the higher of either MM or accountTotalUnrealizedPnlUsdX18 from the trader's collateral, and if the amount to be deducted exceeds the trader's collateral, take all the collateral.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

deductAccountMargin() treats `required maintenance margin` as the `unrealized PnL` because it uses `requiredMaintenanceMarginUsdX18` in place of `pnlUsdX18`

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!