Asset price determination
Summary
The Perpetual Vault Protocol uses external price feeds for asset prices, which could be susceptible to manipulation via flash loans or donations.
Vulnerability Details
The KeeperProxy contract relies on Chainlink price feeds to validate market prices. If these feeds are manipulated through flash loans or donations, it could lead to incorrect price validation and potential financial losses for users.
Impact
Manipulated prices could result in incorrect position sizes or values, leading to financial losses for users and undermining the integrity of the protocol.
Tools Used
Manual code review
Recommendations
Implement additional checks and validations, such as using multiple price feeds or implementing a time-weighted average price (TWAP) to reduce the impact of short-term price manipulation.
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.