Vulnerable unpause logic flow lead to unfair forced liquidations

Summary

Before pausing a protocol a position can be in good health.Once the protocol is paused that position cannot be updated. After resuming a pause, the position can immediately be liquidated if the positions falls below maintenance after settlement. This doesn't give the borrower a fair advantage to keep their collateral above maintenance.

Vulnerability Detail

Borrower opens a position
Perennial admins pause the protocol for unknown reason (handle attacks, upgrades, etc)
Borrower is incapable of updating their position to maintain good health (good maintenance)
Perennial admins unpause the protocol
Borrower instantly becomes liquidated by adversaries or bots when protocol resumes

Impact

Borrowers are liquidated without given the chance to credit their account to keep a healthy maintenance level on their open positions

Code Snippet

https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial/contracts/collateral/Collateral.sol#L108-L135

Tool used

Manual Review

Recommendation

The recommendation is to incorporate a threshold period (ie. 3hrs) so borrowers can update their positions to a healthy level after the protocol is unpaused.

Duplicate of #190

KenzoAgada commented 1 year ago

This can be considered as an un-mandatory "idea for improvement", but I think that the risk is there so this is a reasonable submission, and if I recall correctly, was accepted by Sherlock judges in the past.

arjun-io commented 1 year ago

By introducing a time delay to allow traders to optionally increase their collateral to meet maintenance requirements the Product runs the risk of going into further shortfall if the traders opt to not increase their margin. The fairest option for both liquidators and other traders in the protocol is to require that traders are paying attention and self-liquidate (to retain the fee) if they so chose.