Markets will have wrong skew and open interest after a liquidation
Summary
Markets will have wrong skew and open interest after a liquidation
Vulnerability Details
Whenever a liquidation happens, every position for the liquidator gets closed. Then, the open interest and skew for that particular market get updated:
The issue is that these values were never actually set and the open interest and the skew for the market will be set to 0. Doing that will cause huge issues for all different kinds of calculations. These values will only be correct if that was the only position in the market however if there is more than one user who has a position in a specific market, these values will be incorrect.
Imagine the following super simple scenario:
Bob creates a long position with a size of 10, now the skew is 10
Alice creates a long position with a size of 10, now the skew is 20
At a later point, Bob gets liquidated and now the skew is set as 0 however Alice still has a position of 10, the skew should actually be 10
Impact
Markets will have wrong skew and open interest after a liquidation
Tools Used
Manual Review
Recommendations
Add this line if you wish to enforce them (will lead to reverts in some cases, could be catastrophical):
If you decide not to enforce them, just update the skew and open interest with the actual values and accept the risk that the skew can actually go over the maximum (explained in a different issue I have submitted).
Lead Judging Commences
`liquidateAccounts` calls `updateOpenInterest` with uninitialized OI and skew)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.