Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

High leverage risk stems in `configureMarginCollateral()` in the `PerpsEngineConfigurationBranch.sol`

viquetoh

Summary

A vulnerability stems from PerpsEngineConfigurationBranch.sol in the configureMarginCollateral() function making the protocol open to high leverage risk.

The function allows setting a loanValue ratio exceeding 100%(1e18 in 18 decimals) this vulnerability creates a path for high leverage risk, which we assume will be harmful to the protocol.

Vulnerability Details

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/35deb3e92b2a32cd304bf61d27e6071ef36e446d/src/perpetuals/branches/PerpsEngineConfigurationBranch.sol#L246-L253
function configureMarginCollateral(
address collateralType,
uint128 depositCap,
uint120 loanToValue,
address priceAdapter
)

This loan to value parameter dictates how much debt a user can take per unit of collateral for instance LTV=1.2e18 allows borrowing 120 percent of the collateral value. But here they're no checks to ensure that loanValue <= 1e18 leaving it open for users to borrow more than collateral value .

Impact

Users can borrow more than deposited collateral and withdraw profits.

POC
``

Tools Used

Manual review

Recommendations

Add LTV validation in configureMarginCollateral() function.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

viquetoh Submitter
10 months ago
inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!