Zaros Part 1

https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/branches/LiquidationBranch.sol#L209
https://github.com/Cyfrin/2024-07-zaros/blob/main/src/perpetuals/leaves/PerpMarket.sol#L344-L348

Summary

Within the LiquidationBranch.sol contract, the updateOpenInterest function sets the skew to 0 instead of correctly calculating the new skew value (newSkewX18). This issue can lead to significant financial losses and market manipulation by allowing traders to exploit the reset skew during every liquidation.

Description

In the LiquidationBranch.sol contract, the updateOpenInterest function is called during the liquidation process to update the open interest and skew of the perpetual market. However, the current implementation sets the skew to 0 (ctx.newSkewX18 = 0) instead of calculating the correct skew value based on market conditions. This reset to a neutral skew can be exploited by malicious traders who can anticipate liquidations and manipulate their trades to benefit from the artificially neutral market conditions.
In the current implementation, ctx.newSkewX18 is not properly calculated and is set to 0:

Impact

Resetting the skew to neutral (0) during every liquidation can lead to severe financial losses and market manipulation:

1. Arbitrage Opportunities: Traders can watch for liquidations and exploit the reset skew to enter positions at artificially neutral conditions, regardless of the actual market sentiment. This can lead to arbitrage opportunities that can drain liquidity and destabilize the market.

2. Manipulation by Advanced Traders: Malicious actors like Alice can monitor liquidation events and backrun them with buy or sell orders, knowing that the skew will reset to neutral. This can result in substantial gains for the manipulators at the expense of other traders and the market's stability.

3. Incorrect Market Signals: Resetting skew to neutral disregards the actual market conditions, leading to incorrect signals for traders. This can cause traders to make ill-informed decisions, resulting in significant financial losses.

4. Volatility and Market Imbalance: Continuous resetting of skew to neutral disrupts the market's natural balancing mechanisms, leading to increased volatility and potential long-term imbalance.

5. Degredation of Integrity: With these funding rates not being properly calculated as per the documentation, there will be a degredation of integrity for the ecosystem.

Proof of Concept

According to Zaros' own test within liquidateAccounts.t.sol, we can see this by running forge test --match-test testFuzz_GivenThereAreLiquidatableAccountsInTheArray -vvvvv:

We get the above output, clearly indicating the skew to be 0. However, this not only goes against common sense, but against Zaros' own comments in their code:

Thus, the intended functionality is that this liquidation would decrease the skew, not reset it to 0.

Financial Impact Analysis

To illustrate the potential financial impact, consider the following hypothetical scenario:

• The market skew before liquidation is highly negative, indicating a bearish sentiment.

• The liquidation event occurs, and the skew is reset to neutral (0).

• Alice, an advanced trader, backruns the liquidation with a significant buy order, taking advantage of the neutral skew.

• The sudden buy order at neutral skew can lead to a sharp price increase, causing losses for traders who were short before the liquidation.

If the market capitalization is large, even a small percentage movement due to skew manipulation can lead to substantial financial losses. For example, if the market has a total value of $1 billion and the skew manipulation causes a 1% price change, the financial impact could be $10 million.

Tools Used

Manual Review

Recommended Mitigation Steps

Calculate the Correct Skew Value: Update the LiquidationBranch.sol contract to calculate the correct skew value based on the current market conditions.