Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Cross Market Liquidation Cascade Allows Market-Wide Forced Liquidations Exploit Using a Single Collateral Source

olami9783

Summary

The liquidation logic in the protocol fails to isolate margin between different markets, allowing a single collateral deposit to be used for multiple leverage positions across different markets. This open the door for a cross market liquidation cascade exploit, where an attacker leverages the same collateral multiple times and force liquidations across all positions by manipulating one market.

Vulnerability Details

Exploit Strategy:

Deposit small collateral

The attacker deposit $10,000 in collateral
Uses 10x leverage to open large positions in multiple market (e.g., BTC/USD, ETH/USD, SOL/USD).
Total leverage exposure: $300,000 (3 market x $100,000 positions each).

Manipulate Low Liquidity Market

The attacker target a low liquidity market (e.g., SOL/USD).
Uses spot trading or large market orders to artificially dump the price.
This reduce their margin balance, triggering liquidation for SOL/USD.

Trigger Cross-Market Liquidation

Since all positions share the same collateral, the liquidation of SOL/USD reduces total margin.
The BTC/USD, ETH/USD now lacks sufficient collateral.
The protocol force liquidate as well even if they were profitable!

Profit From The Forced Liquidation

The attacker places limit order at cheap price before the liquidation event.
When liquidation happen, they buy asset at artificially low price due to slippage.
This allow them to profit while draining traders funds and disrupting market stability.
The liquidation function does not isolate margin per market

ctx.marginBalanceUsdX18 = tradingAccount.getMarginBalanceUsd(ctx.accountTotalUnrealizedPnlUsdX18);

All position rely on the same margin, making them vulnerable to liquidation cascade.

Liquidation function does not consider cross-market risk

// account is liquidatable if requiredMaintenanceMarginUsdX18 > ctx.marginBalanceUsdX18

if (

!TradingAccount.isLiquidatable(

ctx.requiredMaintenanceMarginUsdX18, ctx.marginBalanceUsdX18, ctx.liquidationFeeUsdX18

)

) {

continue;

}

If one market is manipulated, it drains margin across all positions.

Forced Liquidations Cause Market Instability
Liquidations immediately dump positions on the market, causing slippage.

perpMarket.updateFunding(ctx.fundingRateX18, ctx.fundingFeePerUnitX18);

This allows attackers to profit from liquidated positions by placing cheap limit order.

Impact

Loss of trader funds due to forced liquidations
Massive slippage and protocol wide instability
Potential insolvency if liquidations fail to recover sufficient margin
Severe damage to the protocol reputation and liquidity provider confidence

Tools Used

Manual Review

Recommendations

1.** Isolated Margin Per Market**

Require separate margin accounts for each market to prevent cascading liquidations.

Staggered Liquidations:

Instead of liquidating all positions at once, liquidate one at a time to prevent full margin collapse.

Smarter Liquidation Auction:

Instead of force-selling into the market, use an auction-based liquidation mechanism to reduce slippage.

Updates

Lead Judging Commences

inallhonesty Lead Judge

5 months ago

inallhonesty Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.