Zaros Part 1

Summary

Not fully enforcing open interest and skew limits will cause reverts when filling orders

Vulnerability Details

Whenever a user creates a market order, we will go through this line:

The function checks whether the position wouldn't put the skew and open interest above the limits. The function returns two parameters which are the new skew and the new open interest based on the size delta provided by the user., they are both omitted here. Then, whenever the order is filled, the same function is called but this time the return values are checked and used to update the current open interest and current skew:

This allows for the following issue to happen:

1. The open interest limit for a market is 100

2. The current open interest is 0

3. 10 people create market orders, all with a sizeDelta of 100

4. All of those market orders are successfully created as the current open interest is 0 and the limit is 100

5. The keeper fills the first order successfully, now the current open interest is 100

6. All 9 other market orders will revert when the keeper tries to fill them as the open interest limit is reached

This is possible as when creating a market order, the limit is only checked but no changes occur. While the open interest and skew are not guaranteed to change when an order is created as it might not be filled at all, it is still a good idea to handle a scenario like that in some way to avoid such a sequence of reverts.

Impact

Not fully enforcing open interest and skew limits will cause reverts when filling orders

Tools Used

Manual Review

Recommendations

Fix is not trivial, consider updating the open interest and skew when an order is created, however that could create different scenarios to consider