Zaros Part 1

Summary

The rate at which funding will be accrued can be changed by the admin in the updatePerpMarketConfiguration function. However, the pending funding fees are not handled when this call happens. Because of this, the pending funding fees will be modified based on the new funding velocity, leading to potential loss of funds for users and, in some cases, wrongful liquidation.

Vulnerability Details

If the modification increases the funding fees, it results in a loss of funds for traders. Conversely, if the funding fees decrease, it results in a loss of yield for those receiving the funding fees.

The worst-case scenario is an increase in funding velocity. This causes a step-wise jump that could push some users into liquidation. The increased funding velocity would make the funding amount larger, which, if negative, would be deducted from the users' collateral value, potentially leading to unexpected liquidation.

This issue differs from other admin state changes. For instance, changes in LTV, open interest, or maintenance margin give users notice and allow them to act accordingly. There is no direct impact that cannot be avoided in those cases.

Changing the funding velocity is different. There will be pending funding amounts that have not been accounted for. This amount comes from an arbitrary duration between the last funding update and the function call. The past amount should not be altered as it is based on the funding rate and skew for that time. Adjusting it based on a funding velocity that was not applicable during that period leads to a loss of funds for users.

Impact

Loss of funds caused by the step-wise jump in funding fees.

Tools Used

Manual analysis

Recommendations

At the beginning of the updatePerpMarketConfiguration function, update the funding so that pending funding is not impacted by the new maxFundingVelocity.