Liquidity Management

Summary

A logic error was identified in the _validatePrice() function of the KeeperProxy contract. Specifically, when validating the long token price, the code incorrectly compares the longToken price against the indexTokenPrice instead of longTokenPrice. This misalignment in price validation can lead to invalid price checks, resulting in potentially accepting incorrect or stale market prices during position management operations. This issue can expose users to poor trade execution, losses, and increased liquidation risks.

Vulnerability Details

• The _validatePrice() function is intended to compare market prices (min and max) obtained off-chain with Chainlink oracles for the respective tokens involved in a trading market (e.g., ETH, USDC, etc.).

• However, the validation for the longToken is incorrectly using prices.indexTokenPrice instead of prices.longTokenPrice.

• This results in validating the wrong price against the Chainlink oracle for the longToken.

• As a result, a wildly different price could be considered valid, leading to bad trades being executed by the keeper.

Impact

Medium

Likelihood: Medium

Tools Used

Manual Code Review – Inspection of KeeperProxy.sol and StructData.sol (MarketPrices struct).

Recommendations

On KeeperProxy.som remove lines 176 AND 177

_check(marketData.longToken, prices.indexTokenPrice.min);

_check(marketData.longToken, prices.indexTokenPrice.max);

Add Lines with the correct check instead:

_check(marketData.longToken, prices.longTokenPrice.min);

_check(marketData.longToken, prices.longTokenPrice.max);