Potential for Sandwich Attacks During Liquidation in LiquidationBranch.sol::liquidateAccounts
Summary
The liquidation process calculates the mark price at execution time without incorporating any slippage or price manipulation protection. This can allow malicious actors to sandwich the liquidation by manipulating the market price before and after the liquidation call, potentially causing the liquidated trader to suffer larger losses.
Vulnerability Details
In the liquidation workflow within the liquidateAccounts function, the following operations are performed:
Impact
Increased Losses for Liquidated Traders: A manipulated mark price may force liquidations at adverse prices, stripping more collateral from traders than necessary.
Exploitation by Malicious Actors: Attackers could profit from adverse price moves generated specifically to trigger liquidations under manipulated conditions.
Erosion of Market Fairness: Repeated exploitation could undermine the trust in the protocol, making users wary of entering positions due to manipulation risks.
Tools Used
Manual Code Review
Static Analysis
Recommendations
Implement Slippage Controls: Introduce a mechanism to define a maximum acceptable deviation from the expected mark price. If the deviation exceeds a certain threshold, the liquidation should be aborted or adjusted.
Utilize Robust Price Oracles: Consider integrating a time-weighted average price (TWAP) oracle or multiple price feeds to mitigate sudden market manipulation.
Add Price Verification: Introduce a secondary price check within a short delay or multi-step confirmation process before executing liquidation orders.
Deploy Circuit Breakers: Consider implementing a circuit breaker that pauses liquidations when market volatility exceeds predefined safety limits.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.