A malicious market maker can take advantage of a wide bid–ask spread in the order book of a low liquidity market where the indexPrice falls within that spread. By strategically placing bid and ask orders within the spread, the market maker can manipulate the midPriceindexPrice bias to controll the funding rate.
Impact
Malicious user can manipluate the funding rate of a low liquidity market.
n33k
high
Funding rate can be manipulated
Summary
The funding rate is calculated as
P=(midPrice−indexPrice)/indexPrice. This formule is week and can be manipulated.Doc to the funding rate.
https://jojo-docs.netlify.app/funding-rate
Vulnerability Detail
A malicious market maker can take advantage of a wide bid–ask spread in the order book of a low liquidity market where the
indexPricefalls within that spread. By strategically placing bid and ask orders within the spread, the market maker can manipulate themidPriceindexPricebias to controll the funding rate.Impact
Malicious user can manipluate the funding rate of a low liquidity market.
Code Snippet
No contract code. This is just a placeholder.
https://github.com/sherlock-audit/2023-04-jojo/blob/main/smart-contract-EVM/contracts/impl/Perpetual.sol#L1
Tool used
Manual Review
Recommendation
Take into account the orders matched with JOJO's liquidity to measure market demonds.