sherlock-audit / 2023-07-perennial-judging


okolicodes - Failure to Limit the value of assets a single liquidation can seize #132

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

okolicodes

high

Failure to Limit the value of assets a single liquidation can seize

Summary

One large liquidation of an account in a given market can create a snowball of liquidations as sell pressure rises. Other market participants may sell their assets too, causing the asset's price to plummet, which in turn leads to even more unfair liquidations in the protocol.

Vulnerability Detail

As you can see in the function below:

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L221C4-L221C4

A malicious user can open a huge debt position in a given market, call the liquidate function once, offsetting the price of the asset, thereby messing up the price of an asset to be able to profit from it, which will be bad for other participants in the market.

Impact

Given that an account in a given market has a huge debt, when positions that have huge debt are liquidated at once, the market interprets such a large acquisition of collateral as a sell signal for these asset types. Therefore they should limit the volume of assets that a single liquidation can seize.

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L221C4-L221C4

Tool used

Manual Review

Recommendation

Set a limit percentage to make sure liquidation happens in bits in order to keep the stability of an asset.

sherlock-admin commented 1 year ago

2 comment(s) were left on this issue during the judging contest.

141345 commented:

l

panprog commented:

invalid because it just makes assumptions about market participants, no concrete impact