Liquidity Management

Summary

The PerpetualVault contract calculates the effective “increased” deposit value using the formula:

This value represents the net collateral after fees and the effect of price impact. However, without a robust check against slippage, an attacker or extreme market conditions could force an excessively high positive price impact. This would reduce the increased value to a level where the user effectively receives a very small number of shares—potentially causing a loss compared to their original deposit. Although the system intends to protect users from losses, the absence of a minimum acceptable value check means that the final outcome could inadvertently expose users to adverse slippage.

Vulnerability Details

The calculation of increased does not include a minimum threshold check after subtracting fees and applying price impact.

• The function getPriceImpactInCollateral computes price impact based on expected versus actual token amounts. If the price impact is significantly positive, the subtraction

  increased = amount - feeAmount - uint256(priceImpact) - 1;

  could lead to an increased value that is too low, resulting in an under-allocation of shares.

Impact

Financial Loss: Users depositing collateral could receive a far lower share allocation than warranted, leading to losses when they later withdraw funds.

• User Trust: This undermines the contract’s promise to protect user funds from unfavorable execution outcomes, potentially eroding trust in the system.

• Attack Surface: The lack of a minimum acceptable value check opens the possibility for front-running or manipulation by attackers under volatile market conditions.

Tools Used

Manual review

Recommendations

After computing increased, add a require statement that ensures the value is above a pre-defined minimum threshold:

Here, minAcceptableAmount can be determined off-chain or set as a contract parameter, representing the minimum value (or percentage of amount - feeAmount) that the user should receive.