Summary

The contract performs multiple fixed-point arithmetic operations using high-precision libraries (UD60x18 and SD59x18) to compute margin balances and liquidation thresholds. However, repeated operations may accumulate rounding errors, potentially leading to small inaccuracies in margin calculations. These imprecisions could result in accounts being liquidated slightly above or below the intended threshold.

Vulnerability Details

During the liquidation process, the contract calculates the notional value of positions as follows:

Despite using fixed-point libraries designed for high precision, each conversion and multiplication might introduce minute rounding differences. When these operations stack across multiple accounts or complex calculations, the resulting deviation, although small, could impact the accuracy of margin balance computations. This may inadvertently cause an account to be deemed liquidatable (or vice versa) due to accumulated precision errors.

Impact

• Margin Misjudgment: Minor rounding discrepancies could lead to accounts being liquidated even when they are marginally solvent, or being spared liquidation when they should be flagged.

• User Dissatisfaction: Traders may experience unexpected liquidations or delays, eroding trust in the protocol’s fairness.

• System Reliability: Over time and across many transactions, small inaccuracies could aggregate, potentially affecting overall system stability and risk assessments.

Tools Used

• Manual Code Review: Detailed inspection of the arithmetic operations and their use of UD60x18 and SD59x18 libraries.

• Static Analysis Tools

• Simulation Testing

Recommendations

• Review and Standardize Rounding Behavior: Ensure that all arithmetic operations involving fixed-point numbers implement a consistent rounding strategy (e.g., always rounding up or down) to mitigate the accumulation of errors.

• Precision Audit: Conduct a thorough audit of all margin-related calculations to quantify the maximum potential deviation caused by rounding errors and confirm that it remains within acceptable bounds.

• Enhanced Testing: Introduce detailed unit tests and simulations specifically targeting the precision of margin calculations, ensuring that any discrepancies remain negligible.

• Documentation: Clearly document any known limitations of the fixed-point arithmetic used within the protocol to manage expectations regarding precision and its potential impact on liquidation decisions.