TradingAccount::deductAccountMargin() has incorrect fee parameter order, results in no incentive for liquidating an unhealthy position, accruing bad debt over time.
Summary
Vulnerability Details
In LiquidationBranch.sol, trandingAccount.deductAccountMargin() is called to finalize the liquidation process. This function deducts the margin collateral balance of the liquidating account to collect the borrowed debt, and transfer a small % as a settlementFee to the liquidator.
File: LiquidationBranch.sol
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/LiquidationBranch.sol#L152-L161
However, the issue with that is the settlementFeeUsdX18 order has been interchanged with orderFeeUsdX18. This results in the liquidator receiving 0 fees in exchange for removing bad debt from the protocol, which is wrong.
Here is the TradingAccount::deductAccountMargin() implementation,
The same function is used during the settlement of orders. For example, in SettlementBranch::_fillOrder(), it causes incorrect order fees/settlement fees to be sent to their respective recipients.
Impact
Due to wrong order in TradingAccount.deductAccountMargin() function, it has two critical impact
Liquidator won't be incentivized from liquidating the unhealthy position, and their fee would be transferred to address(0)
Incorrect order fee/settlement fee is being transferred
Tools Used
Manual review
Recommendations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.