While not exactly the same (not referencing the same contracts), the premise is the same: no sanity check thresholds are set and not enough information is released via events.
Handle
0xRajeev
Vulnerability details
Impact
Input validation on key function parameters is a best practice. Not applying sanity/threshold checks will allow incorrect values to be set and affect the security and functionality of the markets. The codebase has no input validation (sanity/threshold checks) on key market parameters in either the constructor or the setter functions. Given that markets can be created by anyone in a permissionless manner, it becomes more important to enforce sanity/threshold validation on market parameters to increase confidence in them and prevent malicious owners from exploiting their users. The sanity/threshold values may be made configurable by the TracerDAO instead of being hardcoded and enforced unilaterally.
Impact: Markets are created with absurd values of feeRate, maxLeverage, fundingRateSensitivity, deleveragingCliff, lowestMaxLeverage or insurancePoolSwitchStage. Users fail to check or understand the impact of these absurd values and get exploited.
Proof of Concept
See similar Major-severity finding from Consensys Diligence Audit of Shell Protocol: https://consensys.net/diligence/audits/2020/06/shell-protocol/#certain-functions-lack-input-validation-routines
https://github.com/code-423n4/2021-06-tracer/blob/74e720ee100fd027c592ea44f272231ad4dfa2ab/src/contracts/TracerPerpetualSwaps.sol#L110-L116
https://github.com/code-423n4/2021-06-tracer/blob/74e720ee100fd027c592ea44f272231ad4dfa2ab/src/contracts/TracerPerpetualSwaps.sol#L548-L570
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add reasonable sanity/threshold checks and make them configurable by the TracerDAO.
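One way to apply this recommendation, shown as an added Solidity example that is not from the Tracer codebase or from the report: a bounds registry writable only by a governance address, which a market consults in both its constructor and its setter. The contract names `ParamBounds` and `BoundedMarket`, the `dao` address, the bound keys and the event names are assumptions; the remaining parameters would follow the same pattern as `feeRate`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration. Contract names, keys and bounds are assumptions, not Tracer code.
contract ParamBounds {
    struct Bound { uint256 min; uint256 max; bool set; }
    address public dao;                       // assumed governance address
    mapping(bytes32 => Bound) public bounds;  // keyed by keccak256 of the parameter name
    event BoundUpdated(bytes32 indexed param, uint256 min, uint256 max);

    constructor(address _dao) {
        require(_dao != address(0), "dao is zero");
        dao = _dao;
    }

    function setBound(bytes32 param, uint256 min, uint256 max) external {
        require(msg.sender == dao, "only DAO");
        require(min <= max, "min > max");
        bounds[param] = Bound(min, max, true);
        emit BoundUpdated(param, min, max);
    }

    // Reverts unless the DAO has published a bound and the value lies inside it.
    function check(bytes32 param, uint256 value) external view returns (uint256) {
        Bound memory b = bounds[param];
        require(b.set, "no bound published");
        require(value >= b.min && value <= b.max, "value out of bounds");
        return value;
    }
}

contract BoundedMarket {
    ParamBounds public limits;  // shared registry, so a market owner cannot loosen it
    address public owner;
    uint256 public feeRate;
    uint256 public maxLeverage;
    event ParamUpdated(bytes32 indexed param, uint256 value);

    constructor(ParamBounds _limits, uint256 _feeRate, uint256 _maxLeverage) {
        limits = _limits;
        owner = msg.sender;
        feeRate = _limits.check(keccak256("feeRate"), _feeRate);
        maxLeverage = _limits.check(keccak256("maxLeverage"), _maxLeverage);
    }

    function setFeeRate(uint256 v) external {
        require(msg.sender == owner, "only owner");
        feeRate = limits.check(keccak256("feeRate"), v);  // same check as at creation
        emit ParamUpdated(keccak256("feeRate"), v);
    }
}
```

Because a parameter with no published bound reverts, a market cannot be deployed with a value the governance address has not explicitly allowed.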