Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Inaccurate Liquidation Fee Calculation

sparrow

Summary

The liquidation fee in the LiquidationBranch contract is calculated as a fixed amount directly from the global configuration, without considering the actual liquidation amount. This approach can lead to inaccuracies and unfairness in the fees charged to liquidated accounts, impacting the overall financial integrity of the system.

Vulnerability detail

In the current implementation, the liquidation fee is fetched from the global configuration as a fixed value:
https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/LiquidationBranch.sol#L123-L124

ctx.liquidationFeeUsdX18 = ud60x18(globalConfiguration.liquidationFeeUsdX18);

This value is applied uniformly to all liquidations regardless of the amount being liquidated. The issue arises because this fixed fee does not scale with the size of the liquidation, leading to potential overcharging or undercharging of fees.

Impact

Liquidated accounts may be charged disproportionately high or low fees compared to the actual cost of liquidation, leading to potential unfairness.

Tools Used

Manual Code Review

Recommendations

  • Update the GlobalConfiguration Contract:

Introduce a new field for the liquidation fee percentage.

uint128 liquidationFeePercentX18;

  • Update the LiquidationBranch Contract:

Calculate the liquidation fee dynamically using the percentage fee from the global configuration.

ctx.liquidationFeeUsdX18 = requiredMaintenanceMarginUsdX18.mul(ud60x18(globalConfiguration.liquidationFeePercentX18)).div(ud60x18(100));
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.