Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

When accounting the positive PNL, the price of USDz is assumed to be pegged to 1 dollar

draiakoo

Summary

When accounting the positive PNL, the price of USDz is assumed to be pegged to 1 dollar

Vulnerability Details

When a position has positive PNL and executes a market order, it accounts this PNL by giving margin to the position with USDz tokens. This USDz token is intended to be pegged to 1$.

function _fillOrder(

uint128 tradingAccountId,

uint128 marketId,

uint128 settlementConfigurationId,

SD59x18 sizeDeltaX18,

UD60x18 fillPriceX18

)

internal

virtual

{

...

// if trader's old position had positive pnl then credit that to the trader

if (ctx.pnlUsdX18.gt(SD59x18_ZERO)) {

ctx.marginToAddX18 = ctx.pnlUsdX18.intoUD60x18();

tradingAccount.deposit(ctx.usdToken, ctx.marginToAddX18);

// mint settlement tokens credited to trader; tokens are minted to

// address(this) since they have been credited to trader's deposited collateral

// NOTE: testnet only - this call will be updated once the Market Making Engine is finalized

LimitedMintingERC20(ctx.usdToken).mint(address(this), ctx.marginToAddX18.intoUint256());

}

...

}

As we can see the amount of USDz accounted to the position's margin is in dollars because of the PNL. This means that the PNL accounting will only work when the USDz token is pegged to 1$. So in a scenario where the token depegs, users will receiver less funds from their positive PNL and the protocol will not work as intended.

Impact

The impact of this issue is high if it happens. However, it is pretty rare that the token depegs, so a medium severity should be good.

Tools Used

Manual review

Recommendations

Fetch the price of the USDz token in terms of USD and account the PNL accordingly to the price of the tokens, so in a scenario of a token depeg, the protocol would work properly.

Updates

Lead Judging Commences

inallhonesty Lead Judge

over 1 year ago

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Protocol assumes that the price of USDz is equal to 1

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.