DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Invalid

Calculation of `requiredInitialMarginUsdX18` and `requiredMaintenanceMarginUsdX18` with wrong fill price.

Summary

When a market order is filled, `requiredInitialMarginUsdX18` and `requiredMaintenanceMarginUsdX18` (and the account's unrealized PnL) are computed from the market's on-chain oracle index price, not from the verified off-chain price that the order is actually being filled at.

Vulnerability Details

The `SettlementBranch:fillMarketOrder` function allows a keeper to fill a user's pending market order. The keeper supplies signed off-chain price data, which is verified and then used as the index price for the fill:

```solidity
(ctx.bidX18, ctx.askX18) =
    settlementConfiguration.verifyOffchainPrice(priceData, globalConfiguration.maxVerificationDelay);
ctx.indexPriceX18 = ctx.isBuyOrder ? ctx.askX18 : ctx.bidX18;
```

So the index price for the fill is the keeper-supplied price after verification (bounded by `maxVerificationDelay`), with the ask used for buy orders and the bid for sell orders.

During execution, `SettlementBranch:_fillOrder` is called, which in turn calls:

```solidity
tradingAccount.getAccountMarginRequirementUsdAndUnrealizedPnlUsd(marketId, sizeDeltaX18)
```

This call returns the account's total unrealized PnL, `requiredInitialMarginUsdX18` and `requiredMaintenanceMarginUsdX18`, which `_fillOrder` then uses for its margin check. Note that the verified `ctx.indexPriceX18` is not passed in.

In `tradingAccount:getAccountMarginRequirementUsdAndUnrealizedPnlUsd`, the mark price is calculated as follows:

```solidity
UD60x18 markPrice = perpMarket.getMarkPrice(sizeDeltaX18, perpMarket.getIndexPrice());
```

Here the index price is read directly from the market's oracle via `perpMarket.getIndexPrice()`, so the mark price, and with it the margin requirements and unrealized PnL, are derived from a price that can differ from the verified `ctx.indexPriceX18` computed moments earlier in `fillMarketOrder`. Two prices therefore flow through a single settlement: the verified off-chain price determines the fill, while the on-chain oracle price determines whether the account is allowed to take that fill and what its PnL looks like at that instant.

The direction of the error depends on which price is higher. When the oracle price is above the verified price, the notional used for the margin check is inflated, the required initial and maintenance margin rise, and an order that would be acceptable at the fill price can revert. When the oracle price is below the verified price, the check is looser than the fill warrants. Either way the margin check and PnL are evaluated against a price the trader never trades at.

The root cause is the inconsistency between the verified index price used in `SettlementBranch:fillMarketOrder` and the raw oracle index price used inside the margin and PnL calculations.
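The following is a constructed Python model of the two-price settlement path described above; it is an added example, not Zaros code. The function and field names (`fill_market_order`, `TradingAccount`, `margin_requirements`, the `consistent_pricing` flag) are assumptions chosen to mirror the identifiers in this finding, the mark price is simplified to equal the index price (the real `getMarkPrice` also applies skew), and the margin ratios, balances and prices are invented sample values. It shows the same order being accepted when the margin check uses the fill price and rejected when it uses a higher oracle price, and how the sign flips when the oracle price is lower.

```python
"""Two-price settlement model (constructed example, not project code).

Fixed-point arithmetic mirrors the UD60x18/SD59x18 scale the protocol uses.
"""
from dataclasses import dataclass

WAD = 10**18  # 1.0 in 18-decimal fixed point


def mul_wad(a: int, b: int) -> int:
    """Fixed-point multiply, truncating toward zero like PRBMath."""
    prod = a * b
    q = abs(prod) // WAD
    return q if prod >= 0 else -q


@dataclass
class TradingAccount:
    margin_balance_usd: int   # collateral value, X18
    position_size: int        # signed base size, X18 (negative = short)
    entry_price_usd: int      # average entry price, X18


def margin_requirements(position_size: int, mark_price: int, imr: int, mmr: int):
    """requiredInitialMargin / requiredMaintenanceMargin for |size| at mark_price."""
    notional = mul_wad(abs(position_size), mark_price)
    return mul_wad(notional, imr), mul_wad(notional, mmr)


def unrealized_pnl(account: TradingAccount, mark_price: int) -> int:
    """Open PnL of the existing position marked at mark_price."""
    if account.position_size == 0:
        return 0
    return mul_wad(account.position_size, mark_price - account.entry_price_usd)


def fill_market_order(account, size_delta, verified_price, oracle_index_price,
                      imr, mmr, *, consistent_pricing):
    """Fill at the verified price; price the margin check consistently or not.

    consistent_pricing=False reproduces the mismatch in the finding: the fill
    uses the verified off-chain price while the margin check and PnL use the
    on-chain oracle index price. (Assumption: mark price == index price.)
    """
    fill_price = verified_price
    margin_price = verified_price if consistent_pricing else oracle_index_price
    new_size = account.position_size + size_delta
    rim, rmm = margin_requirements(new_size, margin_price, imr, mmr)
    pnl = unrealized_pnl(account, margin_price)
    equity = account.margin_balance_usd + pnl
    return {
        "fill_price": fill_price,
        "margin_price": margin_price,
        "required_initial_margin": rim,
        "required_maintenance_margin": rmm,
        "unrealized_pnl": pnl,
        "accepted": equity >= rim,
    }


IMR = WAD // 10   # 10% initial margin ratio (sample value)
MMR = WAD // 20   # 5% maintenance margin ratio (sample value)


def demo():
    """Same order, same fill price, two oracle prices, both pricing modes.

    Returns (oracle_price, consistent_pricing, required_initial_margin, accepted)
    with USD values scaled back down from X18 for readability.
    """
    acct = TradingAccount(margin_balance_usd=2_005 * WAD, position_size=0, entry_price_usd=0)
    verified = 2_000 * WAD          # keeper-supplied, verified fill price
    rows = []
    for oracle in (2_020 * WAD, 1_980 * WAD):   # oracle above / below the fill price
        for consistent in (True, False):
            r = fill_market_order(acct, 10 * WAD, verified, oracle, IMR, MMR,
                                  consistent_pricing=consistent)
            rows.append((oracle // WAD, consistent, r["required_initial_margin"] // WAD, r["accepted"]))
    return rows


if __name__ == "__main__":
    for oracle, consistent, rim, ok in demo():
        mode = "fill price" if consistent else "oracle price"
        print(f"oracle={oracle} margin priced at {mode:12s} required IM={rim} accepted={ok}")
```

With a 2,005 USD balance and a 10-unit buy filled at 2,000, the required initial margin is 2,000 when priced at the fill price, so the order passes; priced at a 2,020 oracle reading it becomes 2,020 and the same order is rejected, while a 1,980 oracle reading lets it through with more slack than the fill justifies.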

Impact

  1. Mispriced PnL: the account's unrealized PnL is marked at the oracle index price rather than the price the order is filled at, so the equity used in the settlement check can be over- or under-stated relative to the fill.

  2. Mispriced margin requirements: `requiredInitialMarginUsdX18` and `requiredMaintenanceMarginUsdX18` are computed from a price the trader does not trade at. When the oracle price is above the verified fill price the requirements are inflated and a fill that is adequately collateralized at the fill price can revert; when it is below, the check is looser than the fill warrants.

Tools Used

Manual review

Recommendations

Use the same price for the fill and for the margin and PnL calculations: pass the verified `ctx.indexPriceX18` from `SettlementBranch:fillMarketOrder` into `getAccountMarginRequirementUsdAndUnrealizedPnlUsd` (and from there into `getMarkPrice`) instead of re-reading `perpMarket.getIndexPrice()`, so that a single verified price is used for the whole settlement.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
