The value of `FORCE_EXERCISE_COST` may be too low and make forced exercises very cheap

[c4-bot-10]

Lines of code

https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/CollateralTracker.sol#L747

Vulnerability details

The README contains the following line :

For the purposes of this competition, assume the constructor arguments to the CollateralTracker are: 10, 2_000, 1_000, -128, 5_000, 9_000, 20_000

This means the intended value of FORCE_EXERCISE_COST is -128 in basis points. The exercise cost is calculated as follows :

            int256 fee = (FORCE_EXERCISE_COST >> (maxNumRangesFromStrike - 1)); // exponential decay of fee based on number of half ranges away from the price

            // store the exercise fees in the exerciseFees variable
            exerciseFees = exerciseFees
                .toRightSlot(int128((longAmounts.rightSlot() * fee) / DECIMALS_128))
                .toLeftSlot(int128((longAmounts.leftSlot() * fee) / DECIMALS_128));

A value of -128 means that the highest possible exercise cost will be approximately 1% of longAmounts of user's positions, which makes forced exercises extremely cheap. The incorrectness of the mentioned value can also be verified through PanopticPool.t.sol, where the value is taken as -1024 :

collateralReference = address(
            new CollateralTracker(10, 2_000, 1_000, -1_024, 5_000, 9_000, 20_000)
        );

This value is more appropriate for pricing forced exercises.

Impact

Cheaper forced exercises will destabilize the protocol and cause frequent movement in users' positions and liquidity across the protocol. This is harmful to the overall health of the protocol

Proof of Concept

Tools Used

Manual Review

Recommended Mitigation Steps

Change the value to -1024

Assessed type

Other