That means that _accumulator.accumulate will be called for the settlementVersion to currentOracleVersion period, which will accumulate fees that are based on time.
As result traders will have to pay another side fees for the time, when they actually can't change position.
Another problem is that some of them may become liquidatable and will not have time to change that.
Impact
Traders overpay fees and may become liquidatable.
Code Snippet
Provided above
Tool used
Manual Review
Recommendation
Any kind of fees should be not accrued during the period, where traders didn't have ability to change positions.
rvierdiiev
medium
Traders should pay fee for the oposite side for the whole time, when protocol was paused
Summary
Traders should pay fee for the oposite side for the whole time, when protocol was paused.
Vulnerability Detail
Perennial protocol can be paused at any moment. In this case none of Product's external functions will work, as they use
notPausedmodifier.That means that user's will not be able to change their positions.
And when protocol will be unpaused, then
settlefunction will be called. This function will accumulate fee for 2 ranges: one is from latestVersion to settlementVersion and second is from settlementVersion to currentOracleVersion.That means that
_accumulator.accumulatewill be called for the settlementVersion to currentOracleVersion period, which will accumulate fees that are based on time.As result traders will have to pay another side fees for the time, when they actually can't change position.
Another problem is that some of them may become liquidatable and will not have time to change that.
Impact
Traders overpay fees and may become liquidatable.
Code Snippet
Provided above
Tool used
Manual Review
Recommendation
Any kind of fees should be not accrued during the period, where traders didn't have ability to change positions.
Duplicate of #190