Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

`isIncreasing()` function does not cover the case where we are increasing in the opposite direction

DPS

Summary

The isIncreasing() function checks if the position is being increased and if yes there are checks if the market and the settlement are enabled, also it is used when checking which of the 2 margins (maintenance or initial) should be used when validating the margin requirement. The problem is that the function does not cover the case where the user is increasing his position but in the opposite direction

Vulnerability Details

This is the current implementation of the isIncreasing()

function isIncreasing(

uint128 tradingAccountId,

uint128 marketId,

int128 sizeDelta

)

internal

view

returns (bool)

{

Data storage self = Position.load(tradingAccountId, marketId);

return self.size == 0 || (self.size > 0 && sizeDelta > 0) || (self.size < 0 && sizeDelta < 0);

}

The return covers only the cases when we are opening a new position or increasing it in the same direction. If we have the case where we have sizeDelta -10 and then we increase our position with sizeDelta +100 we are still increasing it but this statement will return false. This means that we are going to skip this check here

if (ctx.isIncreasing) {

// both checks revert if disabled

globalConfiguration.checkMarketIsEnabled(params.marketId);

settlementConfiguration.checkIsSettlementEnabled();

}

and also here we are going to get the wrong margin

ctx.shouldUseMaintenanceMargin = !Position.isIncreasing(params.tradingAccountId, params.marketId, params.sizeDelta)

&& ctx.isMarketWithActivePosition;

ctx.requiredMarginUsdX18 =

ctx.shouldUseMaintenanceMargin ? ctx.requiredMaintenanceMarginUsdX18 : ctx.requiredInitialMarginUsdX18;

We will get the maintenance margin instead the initial

And when this check here is performed

tradingAccount.validateMarginRequirement(

ctx.requiredMarginUsdX18, ctx.marginBalanceUsdX18, ctx.orderFeeUsdX18.add(ctx.settlementFeeUsdX18)

);

It will validate the wrong margin and it will not revert in some cases where it should because the maintenance margin is < initial margin

Impact

High because a functionality in the protocol does not work as intended. This will lead to unexpected behaviour and orders that should have reverted will be created and executed

Tools Used

Manual review

Recommendations

This check has to be changed. Perform a check using an abs() of the size delta to check if the new size delta is bigger than the previous one.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Disable market limitation can be bypassed

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.