Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

SEV 16: Liquidation might deduct significantly more collateral than the losses incurred by the trader

s3v3ru5

Severity: High

Summary

The protocol deducts value of maintenance margin required for the trader account upon liquidation. The loss from the trader's position might be significantly less than the required maintenance margin. As a result, the trader might be charged much more than the amount required to cover the debt from their account.

Vulnerability Details

Code: LiquidationBranch::liquidateAccounts; LiquidationBranch.sol#L150-L158

// SPDX-License-Identifier: UNLICENSED

pragma solidity 0.8.25;

import { UD60x18, ud60x18, convert as ud60x18Convert } from "@prb-math/UD60x18.sol";

import { SD59x18, sd59x18 } from "@prb-math/SD59x18.sol";

import {Test} from "forge-std/Test.sol";

import "forge-std/console.sol";

contract LiquidationOverDeduction is Test {

function test_over_deduction() external {

UD60x18 btcFillPrice = ud60x18Convert(68818);

UD60x18 ethPrice = ud60x18Convert(3312);

uint initialMarginRate = 0.01e18;

uint maintenanceMarginRate = 0.005e18;

int256 positionSize = -50e18;

// after LTV

uint256 userEthCollateral = 10.4e18;

UD60x18 notionalValue = sd59x18(positionSize).abs().intoUD60x18().mul(btcFillPrice);

UD60x18 initialMargin = ud60x18(initialMarginRate).mul(notionalValue);

assert(ud60x18(userEthCollateral).mul(ethPrice).gt(initialMargin));

UD60x18 btcNewFillPrice = ud60x18Convert(69100);

UD60x18 ethNewPrice = ud60x18Convert(3000);

SD59x18 priceShift = btcNewFillPrice.intoSD59x18().sub(btcFillPrice.intoSD59x18());

SD59x18 unrealizedPnlUsdX18 = sd59x18(positionSize).mul(priceShift);

notionalValue = sd59x18(positionSize).abs().intoUD60x18().mul(btcNewFillPrice);

UD60x18 maintenanceMargin = ud60x18(maintenanceMarginRate).mul(notionalValue);

UD60x18 marginBalance = ud60x18(userEthCollateral).mul(ethNewPrice);

assert(maintenanceMargin.gt(marginBalance.intoSD59x18().add(unrealizedPnlUsdX18).intoUD60x18()));

emit log_named_decimal_int("Loss (USD)", unrealizedPnlUsdX18.intoInt256(), 18);

emit log_named_decimal_uint("Deducted Amount (maintenance margin) (USD)", maintenanceMargin.intoUint256(), 18);

}

Logs:

Loss (USD): -14100.000000000000000000

Deducted Amount (maintenance margin) (USD): 17275.000000000000000000

Impact

Trader loses collateral if the loss incurred by their account is significantly less than the deducted maintenance margin.

Tools Used

Manual Review

Recommendations

Deduct collateral amount based on the trader's loss. Consider charging a fixed percentage(100% + x%) of the loss amount.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Too generic

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.