Zaros Part 2
Perpetuals DEX, Foundry, Solidity
Prize pool: 70,000 USDC

Submission Details
Severity: high
Status: Invalid

Fee Exploitation: Attackers can manipulate fees and drain funds

Summary

An attacker could exploit the order fee calculation to

Impact

  1. Avoid paying the fee

  2. Trigger unnecessary fee charges by rapidly opening and closing orders

Vulnerability Details

This vulnerability occurs because the order fee calculation and deduction process allows attackers to:

  1. Avoid paying the fee:

  • If fees are calculated before trade validation but not deducted upfront, a malicious trader could bypass the fee payment mechanism while still executing the trades.

  2. Exploit fee refunds or cancellation:

  • If the system charges a fee but allows free cancellations, an attacker could rapidly open and cancel orders to drain protocol funds or inflate trading activity artificially.

  3. Manipulate fee calculations for tiny orders:

  • If fees are too low for small trades, a trader could abuse micro-orders to spam the system at minimal cost.

  • This creates unnecessary computational overhead and potential DoS risk for the platform.

PoC

Scenario:

  • Alice submits an order, and the system calculates the fee but does not charge it immediately.

  • Before execution, Alice cancels the order, avoiding the fee entirely.

  • Alice can spam thousands of orders and cancel them, abusing free order placement.

  • This inflates fake trading activity while never actually paying any fees.

```solidity
// Fees are computed by simulateTrade(), but nothing in this path debits them
(
    ctx.marginBalanceUsdX18,
    ctx.requiredInitialMarginUsdX18,
    ctx.requiredMaintenanceMarginUsdX18,
    ctx.orderFeeUsdX18, // Fee is only calculated here, not deducted!
    ctx.settlementFeeUsdX18
) = simulateTrade(
    SimulateTradeParams({
        tradingAccountId: params.tradingAccountId,
        marketId: params.marketId,
        settlementConfigurationId: SettlementConfiguration.MARKET_ORDER_CONFIGURATION_ID,
        sizeDelta: params.sizeDelta
    })
);

// No fee deduction happens here; the fees only feed into the margin check
tradingAccount.validateMarginRequirement(
    ctx.requiredMarginUsdX18,
    ctx.marginBalanceUsdX18,
    ctx.orderFeeUsdX18.add(ctx.settlementFeeUsdX18).add(
        ud60x18(perpsEngineConfiguration.liquidationFeeUsdX18)
    )
);
```

Micro Order Spam

If there is no minimum fee enforcement, a malicious trader can:

  • Place thousands of tiny trades (e.g., $0.01 trades)

  • Exploit near-zero fees to flood the system with orders

  • Slow down the contract (DoS attack) without meaningful cost.

Tools Used

Manual Review

Recommendations

Charge fees upfront:

```solidity
// Deduct the order fee immediately to prevent abuse
tradingAccount.chargeFee(ctx.orderFeeUsdX18);
```

Enforce a minimum fee.
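As an added illustration of both recommendations (fee charged at placement, minimum fee floor), here is a hypothetical order-book contract; it is not Zaros code, and the fee rate, the $1 floor, the `deposit` helper and the storage layout are all assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch (not Zaros code). Amounts are 18-decimal USD values,
/// mirroring the *UsdX18 naming used in the snippet above.
contract UpfrontFeeOrderBook {
    uint256 public constant FEE_BPS = 5;              // 0.05% per order (assumed)
    uint256 public constant MIN_ORDER_FEE_USD = 1e18; // $1 floor (assumed)

    struct Order { address trader; uint256 notionalUsd; bool open; }

    mapping(address => uint256) public marginBalanceUsd;
    mapping(uint256 => Order) public orders;
    uint256 public nextOrderId;
    uint256 public protocolFeesUsd;

    event OrderPlaced(uint256 indexed id, address indexed trader, uint256 feeUsd);
    event OrderCancelled(uint256 indexed id);

    /// Test helper standing in for real collateral accounting (assumed).
    function deposit(uint256 usd) external { marginBalanceUsd[msg.sender] += usd; }

    /// Minimum fee: a $0.01 order still pays the floor, so micro-order spam is not free.
    function quoteFee(uint256 notionalUsd) public pure returns (uint256 feeUsd) {
        feeUsd = (notionalUsd * FEE_BPS) / 10_000;
        if (feeUsd < MIN_ORDER_FEE_USD) feeUsd = MIN_ORDER_FEE_USD;
    }

    /// Charge upfront: the fee is debited before the order exists, so a later
    /// cancellation cannot avoid it.
    function placeOrder(uint256 notionalUsd) external returns (uint256 id) {
        uint256 feeUsd = quoteFee(notionalUsd);
        require(marginBalanceUsd[msg.sender] >= feeUsd, "insufficient margin for fee");
        marginBalanceUsd[msg.sender] -= feeUsd;
        protocolFeesUsd += feeUsd;
        id = nextOrderId++;
        orders[id] = Order(msg.sender, notionalUsd, true);
        emit OrderPlaced(id, msg.sender, feeUsd);
    }

    /// Cancellation closes the order but never refunds the fee already collected.
    function cancelOrder(uint256 id) external {
        Order storage o = orders[id];
        require(o.open && o.trader == msg.sender, "not your open order");
        o.open = false;
        emit OrderCancelled(id);
    }
}
```

With this layout the open/cancel loop from the PoC costs the trader at least MIN_ORDER_FEE_USD per iteration, which is the property the recommendation is after.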

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
