Zaros Part 2
Perpetuals DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Status: Invalid

Lack of Slippage Protection for Liquidation Orders in LiquidationBranch.sol::liquidateAccounts()

Summary

The liquidation path applies no slippage protection to the mark price it uses to close positions. The price is read from market state at execution time, with no check that it lies within an acceptable distance of an expected or reference value. This omission exposes the protocol to liquidations at unfavorable prices and to potential market manipulation.

Vulnerability Details

Within the liquidateAccounts() function, the mark price is calculated as follows:

ctx.markPriceX18 = perpMarket.getMarkPrice(ctx.liquidationSizeX18, perpMarket.getIndexPrice());

Impact

  • Excessive Liquidation Losses: Traders may suffer greater losses as the liquidation occurs at manipulated or unfavorable prices.

  • Market Manipulation Risk: Malicious actors could exploit this vulnerability to intentionally manipulate prices, triggering liquidations that benefit them at the expense of liquidated traders.

  • Protocol Integrity: Repeated exploitation could undermine trust in the protocol and discourage participation in the trading platform.

Tools Used

  • Manual Code Review

  • Static Analysis Tools

  • Simulation Testing

Recommendations

  • Implement Slippage Limits: Introduce parameters to define a maximum acceptable deviation from an expected mark price. Abort or adjust liquidations if the deviation exceeds this threshold.

  • Integrate Robust Price Feeds: Use time-weighted average prices (TWAP) or multiple price oracles to mitigate the impact of sudden, short-term price fluctuations.

  • Add Price Verification Steps: Consider incorporating a confirmation mechanism or secondary price check before finalizing liquidations.

  • Document Expected Behavior: Clearly document the acceptable slippage range and expected behavior under volatile conditions, ensuring that both the development team and users understand the risk mitigation measures.
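As an added example of the first recommendation (not Zaros's own code), the guard below compares the computed mark price against the index price in basis points and reverts when the gap exceeds a configured bound. It assumes plain uint256 prices with 18 decimals (the project may use a fixed-point wrapper type instead), and `maxLiquidationDeviationBps` is a hypothetical per-market parameter the protocol would have to add and govern.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example, not Zaros code: a bounded-deviation guard for the mark price
/// used to close liquidated positions. Prices are assumed to be 18-decimal
/// fixed point (the "X18" convention in the report) held in plain uint256.
library MarkPriceGuard {
    uint256 internal constant BPS_DENOMINATOR = 10_000;

    error InvalidIndexPrice();
    error MarkPriceDeviationTooHigh(
        uint256 markPriceX18, uint256 indexPriceX18, uint256 deviationBps, uint256 maxDeviationBps
    );

    /// Absolute deviation of mark from index, in basis points, in either direction.
    function deviationBps(uint256 markPriceX18, uint256 indexPriceX18) internal pure returns (uint256) {
        // A zero index price would make the ratio meaningless (and divide by zero).
        if (indexPriceX18 == 0) revert InvalidIndexPrice();
        uint256 diff = markPriceX18 > indexPriceX18
            ? markPriceX18 - indexPriceX18
            : indexPriceX18 - markPriceX18;
        // Multiply before dividing so small deviations are not truncated to zero.
        return (diff * BPS_DENOMINATOR) / indexPriceX18;
    }

    /// Reverts if the deviation exceeds the configured bound. Reverting is the
    /// conservative choice: the liquidation can be retried once the book settles
    /// instead of executing at an impact-distorted price.
    function enforceMaxDeviation(uint256 markPriceX18, uint256 indexPriceX18, uint256 maxDeviationBps)
        internal
        pure
    {
        uint256 dev = deviationBps(markPriceX18, indexPriceX18);
        if (dev > maxDeviationBps) {
            revert MarkPriceDeviationTooHigh(markPriceX18, indexPriceX18, dev, maxDeviationBps);
        }
    }
}

// Usage sketch at the call site quoted in the report, with the hypothetical
// per-market bound `maxLiquidationDeviationBps` (assumed, not an existing field):
//   uint256 indexPriceX18 = perpMarket.getIndexPrice();
//   ctx.markPriceX18 = perpMarket.getMarkPrice(ctx.liquidationSizeX18, indexPriceX18);
//   MarkPriceGuard.enforceMaxDeviation(ctx.markPriceX18, indexPriceX18, perpMarket.maxLiquidationDeviationBps);
```

With a 50 bps bound, a mark price of 1_005e18 against an index of 1_000e18 passes (deviation 50 bps) while 1_006e18 reverts (60 bps); the bound itself is a protocol parameter and must be set per market from its liquidity profile.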

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
