The OrderBranch::createMarketOrder function does not apply the per-account position limit consistently. It runs the validatePositionsLimit() check only when ctx.isMarketWithActivePosition is false, that is, only for accounts that hold no position in the market being traded, and skips the check otherwise. This could allow an account to exceed the maximum number of open positions configured by the protocol.
The vulnerability lies in the following code snippet:
This condition applies the check only to accounts without an active position in the market; this finding argues that, to enforce the position limit properly, it should instead apply to accounts that already hold one.
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/OrderBranch.sol#L289
This vulnerability could lead to the following issues:
An account could hold more open positions than the protocol's intended maximum.
A malicious trader could use this to bypass the position limit, gaining an advantage over accounts that are bound by it and undermining the risk assumptions behind the limit.
In the worst case, a large number of positions concentrated in one account without the intended check could contribute to market manipulation or systemic risk.
Other parts of the protocol that assume the limit is enforced may behave unexpectedly.
Manual Review
The condition for position limit validation should be reversed. Replace the current code:
This change is intended to make the position-limit check apply consistently, so that accounts cannot exceed the protocol's maximum number of open positions. Before applying it, confirm what ctx.isMarketWithActivePosition means on this code path: an order in a market where the account already holds a position does not add a new position to the account, so the limit check must still execute on every path that opens a position in a market the account is not yet in. A fix that removes the check from that path would leave the count unbounded, which is the opposite of what is wanted.
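The disputed point is which branch of the isMarketWithActivePosition check the limit belongs in. The minimal model below is an added illustration, not Zaros code, and every name in it (PositionLimitExample, maxPositionsPerAccount, openPosition, closePosition, the market-set bookkeeping) is assumed. It makes the invariant explicit: the limit bounds the size of the account's set of markets with an open position, so the check has to run on every path that adds an entry to that set, and a market the account is already in never adds one. Whichever way the condition in OrderBranch ends up written, it should be verified against this invariant rather than against the flag's name.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of a per-account open-position limit (not Zaros code).
/// All names and the storage layout are assumptions made for this example.
contract PositionLimitExample {
    uint256 public immutable maxPositionsPerAccount;

    // account => list of market ids in which the account has an open position
    mapping(address => uint128[]) private _activeMarkets;
    // account => marketId => (index in _activeMarkets) + 1; 0 means "not active"
    mapping(address => mapping(uint128 => uint256)) private _activeIndexPlusOne;

    error PositionLimitReached(address account, uint256 limit);

    constructor(uint256 limit) {
        maxPositionsPerAccount = limit;
    }

    /// True when the account already holds a position in this market.
    function isMarketWithActivePosition(address account, uint128 marketId) public view returns (bool) {
        return _activeIndexPlusOne[account][marketId] != 0;
    }

    /// Number of distinct markets the account currently has a position in.
    function activePositionCount(address account) public view returns (uint256) {
        return _activeMarkets[account].length;
    }

    /// Reverts if the account is already at the limit, i.e. adding one more
    /// market to its active set would exceed maxPositionsPerAccount.
    function validatePositionsLimit(address account) public view {
        if (_activeMarkets[account].length >= maxPositionsPerAccount) {
            revert PositionLimitReached(account, maxPositionsPerAccount);
        }
    }

    /// Opens or increases a position. The only path that grows the active set
    /// is the one where the account has no position in the market yet, so that
    /// is where the limit gate must sit; an order in a market the account is
    /// already in leaves the count unchanged and needs no gate.
    function openPosition(uint128 marketId) external {
        if (!isMarketWithActivePosition(msg.sender, marketId)) {
            validatePositionsLimit(msg.sender);
            _activeMarkets[msg.sender].push(marketId);
            _activeIndexPlusOne[msg.sender][marketId] = _activeMarkets[msg.sender].length;
        }
        // Size and margin accounting for the order would follow here.
    }

    /// Fully closes a position and removes the market from the active set
    /// with a swap-and-pop so the index map stays consistent.
    function closePosition(uint128 marketId) external {
        uint256 idxPlusOne = _activeIndexPlusOne[msg.sender][marketId];
        require(idxPlusOne != 0, "no position in market");
        uint128[] storage markets = _activeMarkets[msg.sender];
        uint256 idx = idxPlusOne - 1;
        uint256 last = markets.length - 1;
        if (idx != last) {
            uint128 moved = markets[last];
            markets[idx] = moved;
            _activeIndexPlusOne[msg.sender][moved] = idx + 1;
        }
        markets.pop();
        delete _activeIndexPlusOne[msg.sender][marketId];
    }
}
```

With maxPositionsPerAccount set to 2, calling openPosition on two different market ids succeeds, a third distinct market id reverts with PositionLimitReached, and repeated openPosition calls on one of the two markets already held never revert because they do not change activePositionCount. That is the behaviour to check for in OrderBranch::createMarketOrder when evaluating the proposed fix.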