Zaros Part 2
Perpetuals DEX | Foundry | Solidity
Prize pool: 70,000 USDC

Submission Details
Severity: high
Status: Invalid

Reentrancy risk in performUpkeep

Summary

The LiquidationKeeper contract's performUpkeep function makes an external call to perpsEngine.liquidateAccounts() without any reentrancy guard.

Vulnerability Details

In the performUpkeep function:

    function performUpkeep(bytes calldata peformData) external override onlyForwarder {
        // Account ids to liquidate arrive ABI-encoded from the automation forwarder
        uint128[] memory accountsToBeLiquidated = abi.decode(peformData, (uint128[]));
        LiquidationKeeperStorage storage self = _getLiquidationKeeperStorage();
        (IPerpsEngine perpsEngine) = (self.perpsEngine);
        perpsEngine.liquidateAccounts(accountsToBeLiquidated); // External call, no reentrancy guard
    }

The call to perpsEngine.liquidateAccounts() is made without a reentrancy guard, so if control returns to a contract that is able to call performUpkeep, the function can be re-entered before the first invocation completes. Two details of the code bound this scenario: performUpkeep is gated by onlyForwarder, so any re-entrant call must still arrive from the registered forwarder (for example through a callback path that passes through it), and the keeper writes none of its own storage after the call, so the consequences depend entirely on how perpsEngine.liquidateAccounts() behaves when it is invoked again for the same accounts while a first invocation is still executing.

Impact

  • Repeated liquidation of the same account within a single upkeep, if liquidateAccounts does not reject accounts it is already processing

  • Manipulation of engine state between the nested and the outer call

  • Loss of funds if the liquidation logic can be driven recursively

  • Disruption of the liquidation mechanism

Tools Used

  • Manual code review

  • Slither

  • Mythril

Recommendations

  1. Add OpenZeppelin's nonReentrant modifier. The import path below is the OpenZeppelin v4 one; in v5 the contract moved to "@openzeppelin/contracts/utils/ReentrancyGuard.sol". If LiquidationKeeper is deployed behind a proxy, as the namespaced _getLiquidationKeeperStorage() getter suggests it may be, prefer ReentrancyGuardUpgradeable or a lock kept inside the namespaced storage struct over a guard that appends a plain storage variable to the layout:

    import {ReentrancyGuard} from "@openzeppelin/contracts/security/ReentrancyGuard.sol";

    // ... other imports and code ...

    contract LiquidationKeeper is IAutomationCompatible, BaseKeeper, ReentrancyGuard {
        event AccountsLiquidated(uint128[] accountIds);

        function performUpkeep(bytes calldata peformData) external override onlyForwarder nonReentrant {
            uint128[] memory accountsToBeLiquidated = abi.decode(peformData, (uint128[]));
            LiquidationKeeperStorage storage self = _getLiquidationKeeperStorage();
            (IPerpsEngine perpsEngine) = (self.perpsEngine);
            perpsEngine.liquidateAccounts(accountsToBeLiquidated);
            emit AccountsLiquidated(accountsToBeLiquidated);
        }
    }
  2. Follow the Checks-Effects-Interactions pattern:

  • Perform all validations first

  • Update contract state

  • Make external calls last

  3. Consider implementing additional safety measures:

  • Add a circuit breaker mechanism

  • Implement rate limiting for liquidations

  • Add comprehensive event logging for better monitoring

A reentrancy guard, or a Checks-Effects-Interactions ordering that leaves nothing to mutate after the external call, closes the re-entry path at the keeper; the added event improves the traceability of each upkeep.
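To make recommendations 1 and 2 concrete in a form that fits the keeper's namespaced storage pattern, here is an added example (not Zaros project code). The contract names, the storage-slot label and the one-function IPerpsEngine interface are assumptions made for illustration; only the liquidateAccounts(uint128[]) call shape comes from the reviewed snippet. The reentrancy lock lives inside the same namespaced struct as the rest of the keeper's state, so adding it does not shift a proxy's storage layout, and the function body follows checks (modifiers), then effects (the lock), then the single external interaction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Zaros project code. Names, the slot label and the
// minimal IPerpsEngine interface are assumptions for illustration.
interface IPerpsEngine {
    function liquidateAccounts(uint128[] calldata accountsIds) external;
}

contract GuardedLiquidationKeeper {
    // All keeper state, including the reentrancy lock, lives in one
    // namespaced struct so the guard does not disturb a proxy's layout.
    struct LiquidationKeeperStorage {
        IPerpsEngine perpsEngine;
        address forwarder;
        bool entered;
    }

    // Hypothetical slot label; production code would derive the slot with
    // the ERC-7201 formula and hardcode the resulting hash.
    bytes32 internal constant LIQUIDATION_KEEPER_LOCATION =
        keccak256("example.zaros.LiquidationKeeper.storage");

    error OnlyForwarder(address caller);
    error Reentrancy();

    event AccountsLiquidated(uint128[] accountIds);

    constructor(address forwarder, IPerpsEngine perpsEngine) {
        LiquidationKeeperStorage storage self = _getLiquidationKeeperStorage();
        self.forwarder = forwarder;
        self.perpsEngine = perpsEngine;
    }

    // Check: only the registered automation forwarder may trigger upkeep.
    modifier onlyForwarder() {
        if (msg.sender != _getLiquidationKeeperStorage().forwarder) {
            revert OnlyForwarder(msg.sender);
        }
        _;
    }

    // Effect: take the lock before the body runs and release it afterwards.
    // A nested call that reaches this modifier while the lock is held reverts.
    modifier nonReentrant() {
        LiquidationKeeperStorage storage self = _getLiquidationKeeperStorage();
        if (self.entered) revert Reentrancy();
        self.entered = true;
        _;
        self.entered = false;
    }

    // Checks (modifiers) -> effects (lock) -> interaction (engine call).
    // The keeper writes no storage of its own after the external call.
    function performUpkeep(bytes calldata performData) external onlyForwarder nonReentrant {
        uint128[] memory accountsToBeLiquidated = abi.decode(performData, (uint128[]));
        LiquidationKeeperStorage storage self = _getLiquidationKeeperStorage();
        self.perpsEngine.liquidateAccounts(accountsToBeLiquidated);
        emit AccountsLiquidated(accountsToBeLiquidated);
    }

    function _getLiquidationKeeperStorage() internal pure returns (LiquidationKeeperStorage storage self) {
        bytes32 slot = LIQUIDATION_KEEPER_LOCATION;
        assembly {
            self.slot := slot
        }
    }
}

// Test double constructed for this example: an "engine" that is also
// registered as the forwarder, so its callback passes onlyForwarder and only
// the lock can stop it. It records the revert data instead of bubbling it up.
contract ReenteringEngine is IPerpsEngine {
    GuardedLiquidationKeeper public keeper;
    bytes public lastRevert;

    function setKeeper(GuardedLiquidationKeeper keeper_) external {
        keeper = keeper_;
    }

    // Entry point standing in for the automation network's call.
    function kick(uint128[] calldata accountIds) external {
        keeper.performUpkeep(abi.encode(accountIds));
    }

    function liquidateAccounts(uint128[] calldata accountIds) external override {
        // Attempt to re-enter the keeper while its outer call is still running.
        (bool ok, bytes memory data) = address(keeper).call(
            abi.encodeWithSelector(keeper.performUpkeep.selector, abi.encode(accountIds))
        );
        require(!ok, "re-entry should have been blocked");
        lastRevert = data;
    }
}
```

To exercise it in a Foundry test: deploy ReenteringEngine, deploy GuardedLiquidationKeeper with both the forwarder and the engine set to the engine's address, call engine.setKeeper(keeper), then engine.kick with a couple of account ids. The outer performUpkeep succeeds and emits AccountsLiquidated once, while engine.lastRevert() holds the four-byte selector of Reentrancy(), showing that the nested call got past onlyForwarder (the engine is the forwarder) and was stopped by the lock alone. Deploying the keeper with a different forwarder address instead makes the nested call fail on OnlyForwarder first, which is the case the original function already covers.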

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
