DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Valid

Liquidating even one account resets the entire PerpMarket

Summary

liquidateAccounts should update the PerpMarket when one of the accounts is liquidated, but instead it returns the market to its initial state.

Vulnerability Details

When an account is liquidated, the perpMarket openInterest and skew must be recalculated. The liquidateAccounts function writes these values to the market, but they are never calculated anywhere; instead, updateOpenInterest is called with the default values, which are 0.

```solidity
// update perp market's open interest and skew; we don't enforce open
// interest and skew caps during liquidations as:
// 1) open interest and skew are both decreased by liquidations
// 2) we don't want liquidation to be DoS'd in case somehow those cap
// checks would fail
perpMarket.updateOpenInterest(ctx.newOpenInterestX18, ctx.newSkewX18);
```

The comment explains that checkOpenInterestLimits is deliberately not called because the limits should not be enforced during liquidation. However, that function not only checks the limits but also calculates the new openInterest and skew values (its name is misleading), so skipping it means those values are never computed.

Impact

Liquidating even one account resets the entire PerpMarket, which results in major system disruptions. Many values are calculated from these two (skew and openInterest), such as marketPrice, FundingRate, OrderFees and PnL.

Tools Used

Manual review

Recommendations

newOpenInterestX18 and newSkewX18 should be recalculated during the liquidation.
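
The bug pattern and the recommended recalculation in a reduced Solidity model, added here as an illustration and not taken from the project's code base. Only updateOpenInterest, newOpenInterestX18 and newSkewX18 come from the finding; every other name is hypothetical, and plain uint256/int256 stand in for the project's fixed-point types.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration only (assumed names and types).
contract PerpMarketModel {
    uint256 public openInterest; // sum of |size| over all open positions
    int256 public skew;          // sum of signed sizes (longs minus shorts)
    mapping(address => int256) public positionSize;

    struct LiquidationContext {
        uint256 newOpenInterestX18; // fields of a memory struct start at 0
        int256 newSkewX18;
    }

    function openPosition(address account, int256 size) external {
        require(positionSize[account] == 0, "position exists");
        positionSize[account] = size;
        openInterest += _abs(size);
        skew += size;
    }

    // Buggy pattern: the ctx fields are never assigned, so both stay 0 and
    // the market-wide totals are overwritten with 0 by one liquidation.
    function liquidateBuggy(address account) external {
        LiquidationContext memory ctx;
        delete positionSize[account];
        updateOpenInterest(ctx.newOpenInterestX18, ctx.newSkewX18);
    }

    // Fixed pattern: derive the new totals from the position being closed.
    function liquidateFixed(address account) external {
        LiquidationContext memory ctx;
        int256 oldSize = positionSize[account];
        ctx.newOpenInterestX18 = openInterest - _abs(oldSize);
        ctx.newSkewX18 = skew - oldSize;
        delete positionSize[account];
        updateOpenInterest(ctx.newOpenInterestX18, ctx.newSkewX18);
    }

    function updateOpenInterest(uint256 newOpenInterest, int256 newSkew) internal {
        openInterest = newOpenInterest;
        skew = newSkew;
    }

    function _abs(int256 x) private pure returns (uint256) {
        return uint256(x >= 0 ? x : -x);
    }
}
```

With one long of 10 and one short of -4 open (openInterest 14, skew 6), liquidating the long through liquidateBuggy leaves openInterest 0 and skew 0 even though the short is still open, while liquidateFixed leaves openInterest 4 and skew -4. A regression test for the real contract can assert the same invariant: after a liquidation, the market totals equal the totals of the remaining positions.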

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`liquidateAccounts` calls `updateOpenInterest` with uninitialized OI and skew
