Missing slippage protection on _settleAccount function
Summary
Missing slippage protection on _settleAccount function
Vulnerability Detail
The _settleAccount function provides settlement of P&L per account by calculating the difference of value between current oracle version and (latest pre position oracle version or last settle oracle version). This function is being used every time a user need to open and close a position.
However, the procedure missed the slippage protection needed specially in situation with very high volatility in price between oracle versions. The result of calculation is immediately settled in collateral account without this protection.
Impact
The most immediate impact of not having slippage protection is the potential for unexpected losses. If the price of an asset changes significantly between the time a transaction is initiated and when it is executed, it can result in the trade being executed at a much less favorable price than anticipated.
Put a slippage protection right after calculation of value difference between oracle versions and before settlement to collateral account. It should revert the settlement function if slippage exceeds the allowable threshold.
Ocean_Sky
high
Missing slippage protection on _settleAccount function
Summary
Missing slippage protection on _settleAccount function
Vulnerability Detail
The _settleAccount function provides settlement of P&L per account by calculating the difference of value between current oracle version and (latest pre position oracle version or last settle oracle version). This function is being used every time a user need to open and close a position.
However, the procedure missed the slippage protection needed specially in situation with very high volatility in price between oracle versions. The result of calculation is immediately settled in collateral account without this protection.
Impact
The most immediate impact of not having slippage protection is the potential for unexpected losses. If the price of an asset changes significantly between the time a transaction is initiated and when it is executed, it can result in the trade being executed at a much less favorable price than anticipated.
Code Snippet
https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial/contracts/product/Product.sol#L154-L191
Tool used
Manual Review
Recommendation
Put a slippage protection right after calculation of value difference between oracle versions and before settlement to collateral account. It should revert the settlement function if slippage exceeds the allowable threshold.