Zaros Part 1

Summary

A vulnerability exists in the liquidation check logic(in LiquidationBranch::liquidateAccounts function) where the liquidation reward is not taken into account. This omission can result in skipping accounts that should be liquidated if liquidation reward is taken into account.

Vulnerability Details

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/LiquidationBranch.sol#L146-L148

The current logic checks if an account is liquidatable by comparing the required maintenance margin with the margin balance. However, it does not account for the liquidation reward that should be included in the calculation. Due to this, it may be the possible case that there isn't liquidationFee + lossto be deducted from account margin. This loss would come from LP's position causing them to loss. By not including the liquidation reward, the check may falsely determine that an account is not liquidatable, thus skipping accounts that should actually be liquidated.

Example Scenario

1. Initial State:

   • Required Maintenance Margin: $10,000

   • Margin Balance: $9,500

   • Liquidation Reward: $1,000

2. Liquidation Check:

   • The current logic compares $10,000 (required maintenance margin) with $9,500 (margin balance).

   • Since $10,000 > $9,500, the account is deemed liquidatable.

   • However, if the margin balance was $10,500, the account would be skipped even though it should be liquidated when considering the $1,000 liquidation reward.

In this scenario, the account with a $10,500 margin balance should be liquidated, but the current logic skips it.

Impact

Due to this, the account that should be liquidated may not be liquidated. If the position is at loss considering liquidation fee, that would be need to bear by either liquidationFeeRecipientor LP.

Tools Used

Recommendations

Modify the liquidation check to include the liquidation reward in the calculation.