Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Updating maintenance margin and loanToValue of collateral will cause instant liquidation

SBSecurity

Summary

Since both global and market configurations are not time-locked, they will apply the modifications that the admins performed instantly. But there are 2 important properties which when updated (with any valid number, this problem depends only on the side of update) will lead to a series of liquidations for the accounts with a margin around their maintenance margin - PerpMarket::maintenanceMarginRateX18 and MarginCollateralConfiguration::loanToValue. If MMR is increased this will make all the positions below that increased percentage liquidateable and when LTV is decreased accounts having this collateral type will face instant margin reduction.

Code for LTV:

TradingAccount.sol

function getMarginBalanceUsd(
Data storage self,
SD59x18 activePositionsUnrealizedPnlUsdX18
)
internal
view
returns (SD59x18 marginBalanceUsdX18)
{
...MORE CODE
// calculate the collateral's "effective" balance as:
// collateral_price * deposited_balance * collateral_loan_to_value_ratio
UD60x18 adjustedBalanceUsdX18 = marginCollateralConfiguration.getPrice().mul(ud60x18(balance)).mul(
ud60x18(marginCollateralConfiguration.loanToValue)
);
...MORE CODE
}

Code for MMR:

Position.sol

function getMarginRequirement(
UD60x18 notionalValueX18,
UD60x18 initialMarginRateX18,
UD60x18 maintenanceMarginRateX18
)
internal
pure
returns (UD60x18 initialMarginUsdX18, UD60x18 maintenanceMarginUsdX18)
{
initialMarginUsdX18 = notionalValueX18.mul(initialMarginRateX18);
maintenanceMarginUsdX18 = notionalValueX18.mul(maintenanceMarginRateX18);
}

Vulnerability Details

The max leverage that Zaros allows is configured based on the IMR and MMR set and we can assume that majority of the positions will be around the initial margin or below initial and above maintenance, as this is a valid scenario, since liquidation happens below MMR.
Let’s imagine the following configuration in a ETH/USD (for sake of example assume ETH price is $1000) market:

  1. MMR = 5%

  2. IMR = 10%

  3. CollateralTypes = wBTC with 80% LTV (for sake of example assume indexPrice = $1000)

  4. Multiple traders open positions all with same setup:

    1. Collateral = 1.25e18 ($1250 * 80% = $1000)

    2. Position Size = 10e18 ($10_000) (10x leverage)

  5. Price of wBTC falls to $550

    1. Collateral = 1.25e18 ($687.5 * 80% = $550)

    2. Position Size = 10e18 ($10_000) (10x leverage)

    3. This puts the position between IMR and MMR (margin is now 5.5% of the size, since)

  • Admin increases the MMR without giving any time to the traders to 7% and all of the positions are wiped instantly by the liquidation bot, while they were perfectly fine in the previous configuration.

  • Admin decreases wBTC LTV to 50%, margin collateral immediately falls to 687.5 * 50% = 343.75 and positions are wiped again, leading to loss of the LPs, since this is how the system will behave.

This is clearly not design decision, since it can be prevented and execution happens immediately, probably the intention of Zaros team was to have all the positions above the initial margin and then update these params but this can’t happen as being b/n MMR and IMR is completely viable scenario.

Impact

Batch liquidation of the positions that are between IMR and MMR, when LTV and/or MMR are updated without being timelocked first.

Tools Used

Manual Review

Recommendations

Add timelocks for all the important operations, markets will be frequently configured by the appropriate team to align with the current DeFi landscape.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.