DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Valid

Incorrect USD valuation method for WSTETH and WEETH collaterals

Summary

The Zaros system supports various collateral types by converting their values to USD for margin calculations. However, WSTETH and WEETH lack direct USD price feeds and are priced relative to ETH. Currently, there is no distinct method for valuing these assets in USD. The existing implementation retrieves their prices in ETH and incorrectly sets these prices directly as USD without performing the necessary conversion. This approach could lead to severe consequences for both users and the protocol.

Vulnerability Details

In Zaros, margin collaterals are valued in USD, and the system fetches prices from Chainlink data feeds. Most collateral types have a direct collateralType/USD data feed. However, two collateral types, WSTETH and WEETH, lack direct collateralType/USD price feeds and only have collateralType/ETH price feeds. This necessitates a different approach to convert the price to USD. The ETH/USD price should first be fetched, followed by the collateralType/ETH price, and then converted to USD. Currently, the system applies the same method for all collateral types, including those with indirect price feeds, which is incorrect.

For example, the getMarginBalanceUsd function in TradingAccount.sol performs this calculation incorrectly:

function getMarginBalanceUsd(
    Data storage self,
    SD59x18 activePositionsUnrealizedPnlUsdX18
)
    internal
    view
    returns (SD59x18 marginBalanceUsdX18)
{
    // Cache collateral length
    uint256 cachedMarginCollateralBalanceLength = self.marginCollateralBalanceX18.length();
    // Iterate over every collateral account
    for (uint256 i; i < cachedMarginCollateralBalanceLength; i++) {
        // Read key/value from storage for the current iteration
        (address collateralType, uint256 balance) = self.marginCollateralBalanceX18.at(i);
        // Load collateral margin configuration for this collateral type
        MarginCollateralConfiguration.Data storage marginCollateralConfiguration =
            MarginCollateralConfiguration.load(collateralType);
        // Calculate the collateral's "effective" balance
@>      UD60x18 adjustedBalanceUsdX18 = marginCollateralConfiguration.getPrice().mul(ud60x18(balance)).mul(
            ud60x18(marginCollateralConfiguration.loanToValue)
        );
        // Add this account's "effective" collateral balance to the cumulative output
        marginBalanceUsdX18 = marginBalanceUsdX18.add(adjustedBalanceUsdX18.intoSD59x18());
    }
    // Finally, add the unrealized PNL to the cumulative output
    marginBalanceUsdX18 = marginBalanceUsdX18.add(activePositionsUnrealizedPnlUsdX18);
}

In this function, marginCollateralConfiguration.getPrice() for WEETH, for example, returns the price in ETH rather than USD. This incorrect valuation can lead to significant issues, because getMarginBalanceUsd() is used in various components such as LiquidationBranch and OrderBranch, which makes the system prone to errors.

Impact

Incorrect valuation of margin collateral could lead to substantial financial losses for both users and the protocol. For example, because the system mistakenly interprets ETH prices as USD prices, and given fluctuations in ETH prices, this miscalculation could result in previously non-liquidatable positions becoming liquidatable or users being able to withdraw less margin than originally deposited, ultimately leading to significant financial losses.

Tools Used

VSCode, manual code review

Recommendations

Implement a correct method to calculate the USD value of WSTETH and WEETH.
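
One way to implement the conversion described under Vulnerability Details (fetch ETH/USD, fetch collateralType/ETH, then convert to USD), shown as an added example that is not Zaros code. The library name DerivedUsdPrice, its functions, its errors and the max-age parameters are hypothetical; only decimals() and latestRoundData() come from Chainlink's AggregatorV3Interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subset of Chainlink's AggregatorV3Interface used below.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical helper (not Zaros code): derives a collateral/USD price from
/// a collateral/ETH feed and an ETH/USD feed, scaled to 18 decimals.
library DerivedUsdPrice {
    error InvalidPrice(address feed);
    error StalePrice(address feed);
    error UnsupportedDecimals(address feed);

    /// Reads one feed, rejects non-positive or stale answers, and normalizes to 18 decimals.
    function readX18(AggregatorV3Interface feed, uint256 maxAge) internal view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice(address(feed));
        if (block.timestamp - updatedAt > maxAge) revert StalePrice(address(feed));
        uint8 dec = feed.decimals();
        if (dec > 18) revert UnsupportedDecimals(address(feed));
        return uint256(answer) * 10 ** uint256(18 - dec);
    }

    /// collateral/USD = (collateral/ETH) * (ETH/USD), both as 18-decimal values.
    function getPriceUsdX18(
        AggregatorV3Interface collateralEthFeed,
        AggregatorV3Interface ethUsdFeed,
        uint256 collateralEthMaxAge,
        uint256 ethUsdMaxAge
    ) internal view returns (uint256 priceUsdX18) {
        uint256 collateralEthX18 = readX18(collateralEthFeed, collateralEthMaxAge);
        uint256 ethUsdX18 = readX18(ethUsdFeed, ethUsdMaxAge);
        // Multiply first, then divide by 1e18 to keep the 18-decimal scale.
        priceUsdX18 = collateralEthX18 * ethUsdX18 / 1e18;
    }
}
```

Each feed gets its own max-age argument because the two feeds may update on different heartbeats, and a stale answer on either leg makes the derived USD price stale.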

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Some in-scope tokens don't have Chainlink feeds on Arbi
