DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Valid

`liquidateAccounts()` updates `OpenInterest` and `Skew` wrongly.

Github link

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/LiquidationBranch.sol#L209

Summary

liquidateAccounts() resets OpenInterest and Skew to 0 every time it is called.

Vulnerability Details

liquidateAccounts() calls perpMarket.updateOpenInterest() after a liquidation.

```solidity
// update perp market's open interest and skew; we don't enforce open
// interest and skew caps during liquidations as:
// 1) open interest and skew are both decreased by liquidations
// 2) we don't want liquidation to be DoS'd in case somehow those cap
// checks would fail
perpMarket.updateOpenInterest(ctx.newOpenInterestX18, ctx.newSkewX18); //@audit wrong values
```

But these two values are 0 because there is no logic to update them in liquidateAccounts().

During an order settlement, these values are updated in checkOpenInterestLimits().

But liquidateAccounts() doesn't call checkOpenInterestLimits(), because doing so could cause an unexpected revert.

So updateOpenInterest() will be called with the uninitialized OpenInterest and Skew.

Impact

The protocol won't work properly after a liquidation because OpenInterest and Skew are reset.

Tools Used

Manual Review

Recommendations

liquidateAccounts() should call checkOpenInterestLimits() with the limit checks skipped, so that these 2 values are updated.
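The pattern behind this finding, next to a corrected form, as an added example that is not code from the Zaros repository or from the submission. It is a simplified model: the contract, its storage layout, `open()`, `liquidateBuggy()`, `liquidateFixed()` and `abs()` are hypothetical names, and plain integers stand in for the project's fixed-point types.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model constructed for illustration; not the Zaros contracts.
// All names except updateOpenInterest are hypothetical.
contract PerpMarketModel {
    uint256 public openInterest; // sum of |position size| over all accounts
    int256 public skew;          // sum of signed position sizes
    mapping(uint256 => int256) public positionSize; // accountId => signed size

    struct LiquidationContext {
        uint256 newOpenInterest; // a memory struct starts zero-initialized
        int256 newSkew;
    }

    function open(uint256 accountId, int256 size) external {
        require(positionSize[accountId] == 0, "position exists");
        positionSize[accountId] = size;
        openInterest += abs(size);
        skew += size;
    }

    // Pattern from the finding: the ctx fields are never assigned, so the
    // market-wide totals are overwritten with zero.
    function liquidateBuggy(uint256 accountId) external {
        LiquidationContext memory ctx;
        delete positionSize[accountId];
        updateOpenInterest(ctx.newOpenInterest, ctx.newSkew);
    }

    // Corrected pattern: derive the new totals from the position being
    // closed (old size -> 0). No cap is enforced, so caps cannot block it.
    function liquidateFixed(uint256 accountId) external {
        LiquidationContext memory ctx;
        int256 oldSize = positionSize[accountId];
        delete positionSize[accountId];
        ctx.newOpenInterest = openInterest - abs(oldSize);
        ctx.newSkew = skew - oldSize;
        updateOpenInterest(ctx.newOpenInterest, ctx.newSkew);
    }

    function updateOpenInterest(uint256 newOpenInterest, int256 newSkew) internal {
        openInterest = newOpenInterest;
        skew = newSkew;
    }

    function abs(int256 x) internal pure returns (uint256) {
        return x >= 0 ? uint256(x) : uint256(-x);
    }
}
```

With constructed positions `open(1, 10)` and `open(2, -4)`, `liquidateBuggy(1)` leaves `openInterest` and `skew` at 0 even though account 2 is still open, while `liquidateFixed(1)` leaves `openInterest = 4` and `skew = -4`.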

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`liquidateAccounts` calls `updateOpenInterest` with uninitialized OI and skew
