Zaros Part 1

Summary

If skewScale == 0, getMarkPrice will revert due to a division by 0.

Vulnerability Detail

In the function getMarkPrice, price impact is obtained by dividing skew by skewScale:

If skewScale is not set or set to 0, then the function would revert and DOS all operations that rely on markPrice.

Impact

While it is unlikely that skewScale is not set or is set to 0, two points raise it to a low likelihood:

1. In getCurrentFundingVelocity(), the case if skewScale is zero is handled. See here https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/PerpMarket.sol#L140. This implies that the team does consider skewScale == 0 to be a valid state and handled it accordingly.

2. From sponsor's comments in discord: "The skewScale is a protocol configured variable that adjusts the sensitivity of premium / discounts and the funding rate, defined offchain using our proprietary agent simulation software and manual benchmarks against CEXs' liquidity."

   A skewScale of 0 could be set in a black swan event as determined by the simulation software benchmarked against CEXs' liquidity.

While the likelihood is low, the impact is very high as getMarkPrice is used to settle orders and liquidate positions. A DOS of this function could lead to drastic bad debt to the protocol. Therefore, with low likelihood and high impact the recommended severity is Medium.

Code Snippet

https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/PerpMarket.sol#L110

Tool used

Manual Review

Recommendation

Handle the case if skewScale == 0 and return indexPrice.