DeFiFoundry
60,000 USDC
Submission Details
Severity: low
Valid

`verifyOffchainPrice()` will always revert due to insufficient native balance for on-chain data verification

Summary

Vulnerability Details

SettlementConfiguration::verifyOffchainPrice() is called during order settlement. It verifies the provided input priceData on-chain by sending an external call to the Chainlink verifier proxy contract. This proxy contract requires a verification fee to process the verification, as can be seen below:

```solidity
function verifyReport(
    IVerifierProxy chainlinkVerifier,
    FeeAsset memory fee,
    bytes memory signedReport
)
    internal
    returns (bytes memory verifiedReportData)
{
    // Forwards fee.amount of native currency as msg.value to the verifier proxy.
    verifiedReportData = chainlinkVerifier.verify{ value: fee.amount }(signedReport, abi.encode(fee.assetAddress));
}
```

The contract pays this fee in native ETH.

The issue here is that the core fillMarketOrder() and fillOffchainOrders() functions internally use the verifyReport() function. Neither of these functions has the payable modifier, and the contract also has no receive()/fallback() function, so it cannot receive the native ETH needed to pay for the verification cost.

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/SettlementBranch.sol#L107

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/SettlementBranch.sol#L186

Due to the insufficient fee balance, the call to the verifier contract reverts, along with the entire order-filling transaction.

Impact

Users' orders cannot be filled further.

Tools Used

Manual review

Recommendations

Add a payable modifier to fillMarketOrder() and fillOffchainOrders().
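The failure mode and the recommended change, reduced to a minimal pair of contracts. This is an added example, not code from the Zaros repository: MockVerifier, EngineBefore, EngineAfter, fillOrder and the FEE value are hypothetical names and constructed values, and the exact-value check in EngineAfter is an extra assumption beyond the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for the verifier proxy: it rejects calls that do not carry the fee.
contract MockVerifier {
    uint256 public constant FEE = 0.001 ether; // constructed value

    function verify(bytes calldata signedReport, bytes calldata) external payable returns (bytes memory) {
        require(msg.value >= FEE, "fee not paid");
        return signedReport;
    }
}

// Mirrors the reported shape: non-payable entry point, no receive()/fallback().
contract EngineBefore {
    MockVerifier internal immutable verifier;

    constructor(MockVerifier v) {
        verifier = v;
    }

    // The contract cannot be funded through normal transfers, so its balance
    // stays at zero and forwarding any fee > 0 makes the whole call revert.
    function fillOrder(bytes calldata signedReport, uint256 fee) external returns (bytes memory) {
        return verifier.verify{ value: fee }(signedReport, abi.encode(address(0)));
    }
}

// Same flow with the payable modifier: the caller supplies the fee with the transaction.
contract EngineAfter {
    MockVerifier internal immutable verifier;

    constructor(MockVerifier v) {
        verifier = v;
    }

    function fillOrder(bytes calldata signedReport, uint256 fee) external payable returns (bytes memory) {
        // Assumption added for this example: require the exact fee so no ETH is stranded in the contract.
        require(msg.value == fee, "wrong fee value");
        return verifier.verify{ value: fee }(signedReport, abi.encode(address(0)));
    }
}
```

With a fee of zero both variants succeed, which matches the judge's framing that the problem appears once the verifier actually charges a fee.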

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

No means for the PerpEngine to receive native to pay the Chainlink Verifier in case Chainlink charges fees to the protocol
