Incorrect Collateral Calculation in `willPositionCollateralBeSufficient` Allows Under-Collateralized Positions
The function willPositionCollateralBeSufficient incorrectly calculates the remaining collateral by multiplying the collateral amount by the token price without normalizing using FLOAT_PRECISION (10^30), leading to an inflated collateral value. Specifically, the calculation:
does not divide by FLOAT_PRECISION, causing an overestimation of collateral in USD terms. Additionally, when deducting realized PnL, a negative realizedPnlUsd is directly added to remainingCollateralUsd without validating whether remainingCollateralUsd is already lower than the absolute value of realizedPnlUsd, which could lead to an integer underflow. These issues allow traders to bypass proper margin enforcement by artificially inflating their collateral, potentially opening under-collateralized leveraged positions that should not be allowed.
Impact:
Traders can bypass collateral requirements, opening under-collateralized positions that expose the protocol to insolvency risk if liquidations fail to cover potential losses.
Mitigation:
Normalize the collateral calculation by dividing by FLOAT_PRECISION and explicitly handle underflow in remainingCollateralUsd before deducting realizedPnlUsd.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.