DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Valid

Loss of liquidated collateral assets due to failure to factor fees in liquidation process

Summary

The protocol fails to factor in the liquidation fee when checking if an account is liquidatable.

Vulnerability Details

The protocol fails to factor in the liquidation fee when checking if an account is liquidatable. At the point where the liquidation status of an account is checked, the protocol compares the required margin, requiredMaintenanceMarginUsdX18, to the margin balance, ctx.marginBalanceUsdX18.

    function isLiquidatable(
        UD60x18 requiredMaintenanceMarginUsdX18,
        SD59x18 marginBalanceUsdX18
    )
        internal
        pure
        returns (bool)
    {
        return requiredMaintenanceMarginUsdX18.intoSD59x18().gt(marginBalanceUsdX18);
    }

If requiredMaintenanceMarginUsdX18 is greater than the marginBalanceUsdX18 of the account, the account is liquidated.
However, because the protocol takes a liquidation fee from the collateral balance of the liquidated account, the fee should be factored into the isLiquidatable() check. Otherwise, we end up in a situation where either the liquidation fee recipient or the collateral recipient will be short of what they are supposed to receive after each liquidation.
In the case of Zaros, the liquidation fee recipient is fully compensated, as they are paid first, before the rest of the collateral assets are sent to the collateral recipient.
See here for how the liquidated collateral is distributed.

Impact

Loss of collateral asset for the collateral recipient.

Tools Used

Manual

Recommendations

Factor in the liquidation fee when checking if an account is liquidatable.
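
The effect of the missing fee term can be seen in a small numeric model. This is an added example, not Zaros code: it assumes a flat USD liquidation fee, a fee-first payout as described above, and a fee-aware check of the form "maintenance margin + fee > margin balance"; all amounts and the balance path are constructed.

```python
# Added illustration (not protocol code): simplified model of the check and payout.
# Amounts are integers scaled by 1e18, mirroring the X18 fixed-point convention.
X18 = 10**18

def is_liquidatable(required_mm, margin_balance):
    """Mirror of the page's check: required maintenance margin > margin balance."""
    return required_mm > margin_balance

def is_liquidatable_fee_aware(required_mm, fee, margin_balance):
    """Assumed form of the recommendation: the fee raises the threshold."""
    return required_mm + fee > margin_balance

def distribute(margin_balance, fee):
    """Fee recipient is paid first; the remainder goes to the collateral recipient."""
    available = max(margin_balance, 0)
    fee_paid = min(fee, available)
    return fee_paid, available - fee_paid

def first_liquidation(balances, required_mm, fee, fee_aware):
    """Walk a falling margin-balance path and return
    (balance, fee_paid, to_collateral_recipient) at the first liquidatable point."""
    for bal in balances:
        if fee_aware:
            hit = is_liquidatable_fee_aware(required_mm, fee, bal)
        else:
            hit = is_liquidatable(required_mm, bal)
        if hit:
            return (bal, *distribute(bal, fee))
    return None

# Constructed sample: 100 USD maintenance margin, 5 USD fee, balance falling over time.
REQUIRED_MM = 100 * X18
FEE = 5 * X18
PATH = [b * X18 for b in (110, 104, 101, 99, 95)]

if __name__ == "__main__":
    for label, aware in (("fee ignored", False), ("fee included", True)):
        bal, fee_paid, rest = first_liquidation(PATH, REQUIRED_MM, FEE, aware)
        print(f"{label}: liquidated at {bal // X18} USD, "
              f"fee {fee_paid // X18} USD, collateral recipient {rest // X18} USD")
```

With the fee ignored, liquidation only becomes possible once the balance is already below the maintenance margin, so the fee is carved out of an amount that no longer covers it and the collateral recipient absorbs the difference.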

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Liquidation doesn't take the liquidation fee in consideration inside the isLiquidatable check
