Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Unbounded Mark Price Impact in Liquidation Valuation Can Lead to Incorrect Liquidation Proceeds

cheatc0d33

Summary

The liquidateAccounts function uses an unconstrained mark price calculation that could lead to incorrect valuations during liquidations, potentially resulting in unfair liquidation amounts.

While the liquidateAccounts function intentionally bypasses skew checks during liquidation to prevent DoS attacks, it still relies on the getMarkPrice function which performs unconstrained price impact calculations. This creates a risk of mispriced liquidations.

// In liquidateAccounts:

ctx.markPriceX18 = perpMarket.getMarkPrice(ctx.liquidationSizeX18, perpMarket.getIndexPrice());

ctx.accountPositionsNotionalValueX18[j] =

ctx.oldPositionSizeX18.abs().intoUD60x18().mul(ctx.markPriceX18);

The unbounded mark price flows through the following sequence:

Mark price calculation uses unconstrained skew values
This price is used to calculate position notional values
Notional values determine collateral deduction via deductAccountMargin
Final liquidation proceeds are based on these calculations

The getMarkPrice function does not bound its price impact calculations to respect maxSkew limits, even though these values are configured in the protocol. While skew limit bypassing during liquidation is intentional for execution purposes, the lack of bounds in price calculation could lead to extreme price impacts.

Proof of Concept

Market has high skew near maxSkew limit
Large position requires liquidation
Mark price calculation uses unbounded skew values
Results in extreme price impact
Position is liquidated at incorrect value
Either liquidated user loses excess funds or protocol receives insufficient value

Impact

Since the mark price calculation uses unconstrained skew values during liquidation valuation, positions can be liquidated at prices that significantly deviate from fair market value. Large positions near or beyond skew limits could experience extreme price impacts, leading to substantial mispricing during the liquidation. This affects the notional value calculation which directly determines the liquidation proceeds, potentially causing material losses to either the liquidated user (if overvalued) or the protocol (if undervalued). While this only impacts positions being liquidated, the magnitude of potential mispricing for individual liquidations is unbounded mathematically within the code, warranting a high severity rating.

Recommendation

Add price impact bounds to getMarkPrice:

function getMarkPrice(...) {

// Bound the skew used for price impact to maxSkew

SD59x18 boundedNewSkew = Math.min(newSkew.abs(), maxSkew).mul(newSkew.signum());

// Use bounded skew for price impact calculation

SD59x18 priceImpactAfterDelta = boundedNewSkew.div(skewScale);

...

}

This maintains the ability to execute liquidations beyond skew limits while ensuring price impacts remain bounded.

Updates

Lead Judging Commences

inallhonesty Lead Judge

6 months ago

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.