DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Invalid

Bounds Overreach in the Liquidation Checker checkLiquidatableAccounts()

Summary

```solidity
// Foundry test written against the perps engine under test (assumed harness:
// `perpsEngine` is the deployed engine and the `workaround_*` getter exposes
// the length of its active-position account list).
function test_WhenUpperBoundEqualsActivePositionsLength() external {
    uint256 activePositionsLength = perpsEngine.workaround_getAccountsIdsWithActivePositionsLength();
    assertEq(activePositionsLength, 0, "There should be no active positions initialized.");

    // A window that lies entirely outside the (empty) active-position list.
    uint256 lowerBound = 2;
    uint256 upperBound = 3;
    uint128[] memory liquidatableAccountIds = perpsEngine.checkLiquidatableAccounts(lowerBound, upperBound);

    assertTrue(liquidatableAccountIds.length >= activePositionsLength);
    // Observed behaviour: the call returns one element even though no account exists.
    assertEq(liquidatableAccountIds.length, 1, "There should be no liquidatable accounts as bounds exceed data length.");
}
```

`activePositionsLength` is 0, meaning the contract manages no active positions, which implies there should be no liquidatable accounts.

The bounds given are lowerBound = 2 and upperBound = 3, which are clearly outside the range of existing active accounts (since there are none).

Vulnerability Details

Despite this, the function returns an array of length 1. This indicates:

The function might be allocating the array `liquidatableAccountsIds` with a size derived directly from `upperBound - lowerBound` (which equals 1 in this case) without validating whether any data entries actually exist within those bounds to justify that size.
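To make the suspected pattern concrete, here is an added illustration (not the protocol's code) that contrasts a checker which sizes its result from the bounds alone with one that clamps the window to the data that exists and trims the result to the matches found. The storage names, the `isLiquidatable` flag and the function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical illustration, not the protocol's code. All names are assumed.
contract LiquidationCheckerExample {
    uint128[] private activeAccountIds;             // accounts with open positions
    mapping(uint128 => bool) public isLiquidatable; // assumed health flag per account

    function openPosition(uint128 accountId, bool liquidatable) external {
        activeAccountIds.push(accountId);
        isLiquidatable[accountId] = liquidatable;
    }

    // Pattern the report suspects: the result is sized from the bounds alone,
    // so checkUnchecked(2, 3) on an empty list still returns [0].
    function checkUnchecked(uint256 lowerBound, uint256 upperBound)
        external view returns (uint128[] memory ids)
    {
        ids = new uint128[](upperBound - lowerBound);
        uint256 n = activeAccountIds.length;
        uint256 k;
        for (uint256 i = lowerBound; i < upperBound && i < n; i++) {
            uint128 id = activeAccountIds[i];
            if (isLiquidatable[id]) ids[k++] = id;
        }
        // Unused slots stay 0 and are indistinguishable from a real account id.
    }

    // Hardened variant: reject inverted bounds, clamp the window to the
    // entries that exist, and trim the array to the matches actually found.
    function checkBounded(uint256 lowerBound, uint256 upperBound)
        external view returns (uint128[] memory ids)
    {
        require(lowerBound <= upperBound, "bounds inverted");
        uint256 n = activeAccountIds.length;
        if (lowerBound >= n) return new uint128[](0);   // window lies past the data
        uint256 end = upperBound < n ? upperBound : n;
        uint128[] memory scratch = new uint128[](end - lowerBound);
        uint256 k;
        for (uint256 i = lowerBound; i < end; i++) {
            uint128 id = activeAccountIds[i];
            if (isLiquidatable[id]) scratch[k++] = id;
        }
        ids = new uint128[](k);
        for (uint256 j = 0; j < k; j++) ids[j] = scratch[j];
    }
}
```

With no positions opened, `checkUnchecked(2, 3)` returns a one-element array holding id 0, while `checkBounded(2, 3)` returns an empty array.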

Impact

If the protocol acts on the output of this function, it could lead to incorrect liquidations.

For instance, if the system attempts to liquidate what it believes to be a valid account based on the returned array, the attempt might either fail (because the account does not exist) or incorrectly affect other state variables or balances within the contract.

Tools Used

Manual review

Recommendations

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
