Summary

A critical logic error has been identified in the position notional value checking logic. The system incorrectly determines whether a trade increases a position's notional value by only considering absolute position sizes rather than actual exposure changes.

The issue manifests in the core settlement logic of the system. The _fillOrder function in SettlementBranch.sol serves as the primary entry point for trade execution and relies on isNotionalValueIncreasing for critical safety checks:

The Position library's implementation of this critical check contains a fundamental logic error:

This implementation makes a critical assumption that comparing absolute position sizes is sufficient to determine if notional value is increasing. However, this assumption breaks down in several important trading scenarios. Consider a trader with a short position of -100 contracts who places a buy order for +60 contracts through the settlement branch. The resulting position would be -40 contracts. The current implementation would return false because |40| < |100|, incorrectly indicating a decrease in notional value when the trade might actually be increasing the trader's exposure.

The function fails to account for the directional nature of positions and the complexity of exposure changes. When reducing short positions, reducing long positions that cross zero, or switching position direction, the absolute size comparison becomes misleading. A decrease in absolute position size does not necessarily correspond to a decrease in notional value or exposure.

These edge cases have serious implications for the system's risk management. When _fillOrder processes a trade, it uses this determination to decide whether to enforce market disablement and settlement checks. The current implementation could allow trades during market disablement that should be blocked, as it fails to recognize certain types of exposure increases. Additionally, the margin requirement calculations are influenced by this determination:

Impact

The issue creates a systemic risk in the trading engine. When _fillOrder receives incorrect signals about position exposure changes, the system may bypass critical market disablement restrictions that should be enforced. The faulty position change detection leads to incorrect margin requirement applications, potentially allowing trades that increase system risk during periods when such increases should be prevented. Furthermore, the miscategorization of position changes can lead to accumulated risk in the system. This vulnerability is particularly concerning because it sits in the critical path of trade execution, affecting every trade that modifies an existing position.

Proposed Solution

A corrected implementation should account for position directionality, zero-crossing scenarios, and true exposure changes: