Open Interest And Skew Always Set To Zero During Liquidation
Summary
During liquidation, due to a failure to calculate newOpenInterest and newSkew, markets are updated with zero open interest and skew.
Vulnerability Detail
During liquidation, open interest is updated as shown:
However, ctx.newOpenInterestX18 and ctx.newSkewX18 are never calculated. Therefore, the market's open interest and skew is updated with the default value of 0 .
See POC here: https://gist.github.com/giraffe0x/a3ad0ab48b0824b9006667ce355ffa2b
Impact
Critical. After one liquidation, all existing positions of other traders are wiped out preventing further liquidations and all market operations.
Code Snippet
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/LiquidationBranch.sol#L209
Tool used
Manual Review
Recommendation
Call perpMarket.checkOpenInterestLimits to calculate new open interest and skew, before updating the market.
Lead Judging Commences
`liquidateAccounts` calls `updateOpenInterest` with uninitialized OI and skew)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.