New `openInterest` and `skew` values are set to `0` for each user's active market during a successful liquidation
Summary
New openInterest and skew values are set to 0 for each user's active market during a successful liquidation
Vulnerability Details
When an account is liquidated, all of its positions are closed.
As closing a position imply new values for the open interest and skew for this market, these values must be updated.
For this reason, a function perpMarket::checkOpenInterestLimits compute the new value for these parameters based on the new state of the position.
The issue is that the values provided to perpMarket::updateOpenInterest are never set, and thus equal to zero.
This is correctly implemented during standard market order execution which calls perpMarket::checkOpenInterestLimits and then use the resulting values to feed perpMarket::updateOpenInterest.
Impact
Market Skew and Open Interest parameters are set to 0, which will completely mess up accounting and trade execution.
Tools Used
Manual review
Recommendations
Compute the new openInterest and skew values before calling perpMarket::updateOpenInterest.
The perpMarket::checkOpenInterestLimits in its current state might not exactly fit the situation, as a liquidation exceeding the market open interest and skew limits would force the call to revert, but liquidating the dangerous position is probably more important than checking those limits.
Lead Judging Commences
`liquidateAccounts` calls `updateOpenInterest` with uninitialized OI and skew)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.