The protocol determines the Margin Ratio of a user by considering both the market (spot) price and the oracle price. . The system is (potentially) vulnerable to two potentially harmful scenarios as the result of price manipulations:
False positive liquidations (liquidations that occur but shouldn't)
False negative liquidations (liquidations that should occur but don't)
To address these scenarios, the protocol selects the better of the two prices for liquidations. This approach reduces the occurrence of false negative liquidations, but it increases the likelihood of false positive liquidations.
It is important to note that the probability of price manipulation for an oracle price is generally lower than that of the market price. Additionally, perpetual futures require a valid oracle price for accurate pricing. Therefore, having the protection against oracle price manipulations is not effective.
Impact
An attacker can manipulate the market price upwards and artificially increase the value of users' long positions. The users can now no longer be liquidated even when they should.
It is recommended to avoid using the market spot price for margin calculations due to its susceptibility to manipulation.
Using the market price for opening a position is unproblematic, since it the worse case the user is mistakenly hindered by opening a position and looses not funds directly.
However, when it comes to liquidations, it is advisable to opt for the oraclePrice or marketTwap as they are harder to manipulate.
0x3e84fa45
medium
Spot market price used as oracle for liquidations
Summary
The protocol uses the market (spot) price to calculate the pnl / positional of a position. This approach can result in certain positions not being liquidated when they should be and the generation of bad debt.
Vulnerability Detail
The protocol determines the
Margin Ratioof a user by considering both the market (spot) price and the oracle price. . The system is (potentially) vulnerable to two potentially harmful scenarios as the result of price manipulations:To address these scenarios, the protocol selects the better of the two prices for liquidations. This approach reduces the occurrence of false negative liquidations, but it increases the likelihood of false positive liquidations.
It is important to note that the probability of price manipulation for an oracle price is generally lower than that of the market price. Additionally, perpetual futures require a valid oracle price for accurate pricing. Therefore, having the protection against oracle price manipulations is not effective.
Impact
An attacker can manipulate the market price upwards and artificially increase the value of users' long positions. The users can now no longer be liquidated even when they should.
Code Snippet
https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/AMM.sol#L329-L336 https://github.com/sherlock-audit/2023-04-hubble-exchange/blob/main/hubble-protocol/contracts/AMM.sol#L485
Tool used
Manual Review
Recommendation
It is recommended to avoid using the market spot price for margin calculations due to its susceptibility to manipulation. Using the market price for opening a position is unproblematic, since it the worse case the user is mistakenly hindered by opening a position and looses not funds directly. However, when it comes to liquidations, it is advisable to opt for the
oraclePriceormarketTwapas they are harder to manipulate.