When an order is created, there is a check whether the user is in a liquidatable state; if so, he should not be able to create an order and his position has to be liquidated. The problem is that fees are not accounted for in this check. There will therefore be scenarios where the trader can't cover the fees for the new order but is still able to create one, which puts him in a liquidatable state. When he is then liquidated, his margin will not cover everything, so the rest is simply taken from the protocol.
When creating an order, the simulateTrade() function checks whether the trader's position is liquidatable; if it is, the order should not be created.
This is the check:
The problem here is that the order fee and the settlement fee are not taken into account in this check. If the user has no collateral to cover these fees, his position is in a liquidatable state and he should not be able to create this order. In the current implementation, if the user manages to open a position whose fees he cannot cover and he gets liquidated, the fees will be paid by the protocol, because it holds the funds of all the users.
Impact is high because this leads to a loss of funds for the protocol. The protocol holds all the collateral from all traders, so the fee will be paid, not from the trader's collateral but from someone else's.
Manual review
Add the settlement fee and the order fee when checking whether the user is liquidatable in simulateTrade().
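A simplified numeric model of the fee-blind check and of the recommended fee-aware check, added here as an illustration and not taken from the protocol's code. The TradeSim fields, the margin rule and the sample values are assumptions.

```python
from dataclasses import dataclass

# Simplified model of the issue. All names, units and the margin rule are
# assumptions made for illustration; this is not the protocol's code.

@dataclass(frozen=True)
class TradeSim:
    collateral: int          # trader margin after the simulated trade
    maintenance_margin: int  # minimum margin the new position requires
    order_fee: int
    settlement_fee: int

    @property
    def fees(self) -> int:
        return self.order_fee + self.settlement_fee

def liquidatable_fee_blind(s: TradeSim) -> bool:
    """Check as the finding describes it: fees are left out."""
    return s.collateral < s.maintenance_margin

def liquidatable_fee_aware(s: TradeSim) -> bool:
    """Recommended check: subtract both fees before comparing."""
    return s.collateral - s.fees < s.maintenance_margin

def order_accepted(s: TradeSim, check) -> bool:
    """An order is accepted only if the account is not liquidatable."""
    return not check(s)

def uncovered_fees(s: TradeSim) -> int:
    """Part of the fees the trader's own collateral cannot pay."""
    return max(0, s.fees - s.collateral)

# Constructed sample values.
HEALTHY = TradeSim(collateral=1_000, maintenance_margin=200, order_fee=15, settlement_fee=5)
THIN = TradeSim(collateral=210, maintenance_margin=200, order_fee=15, settlement_fee=5)
BROKE = TradeSim(collateral=12, maintenance_margin=10, order_fee=15, settlement_fee=5)

def report():
    """Return (name, accepted fee-blind, accepted fee-aware, uncovered fees)."""
    return [(name, order_accepted(s, liquidatable_fee_blind),
             order_accepted(s, liquidatable_fee_aware), uncovered_fees(s))
            for name, s in (("healthy", HEALTHY), ("thin", THIN), ("broke", BROKE))]

if __name__ == "__main__":
    for row in report():
        print("%-8s fee-blind=%s fee-aware=%s uncovered_fees=%d" % row)
```

The "thin" and "broke" accounts pass the fee-blind check but are rejected once both fees are subtracted; for "broke", part of the fees exceeds the trader's own collateral.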