WATCHPUG - Suden price change can result in collateral shortfall and bad debt

[sherlock-admin]

WATCHPUG

high

Suden price change can result in collateral shortfall and bad debt

Summary

Vulnerability Detail

When the time comes that the price suddenly drops ("flash crash") or a special occurrence happens where the entire blockchain experiences downtime (happened to OP, Polygon, Arbitrum, and BSC), resulting in an inevitable sudden price change, one price update may result in a major shortfall on some of the positions, which means bad debt.

PoC

Given:

There are only two users, one with a long position and another one with a short position:

• long: 10, collateral: 100
• short: 10, collateral: 100
• maker: 0
• price: 5

When:

1. The price suddenly rises to 20
2. PNL to long: 10 * 15 == 150, PNL to short: -150
3. After the settlements, the collateral amount of the long user the book will become 250 and -50 for the short user.

Impact

The last users won't be able to withdraw their funds when the real balance is running low, so there will be a bank run.

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/types/Version.sol#L278-L293

Tool used

Manual Review

Recommendation

Consider introducing a new Gradual settlement method that handles sudden price changes.

By splitting the large change into multiple smaller price change settlements, each one should not exceed a certain percentage of change corresponding to the riskParameter.maintenance of the market.

For example, a price change from 5 to 10 can be split into 5 -> 6, 6 -> 7, 7 -> 8, 8 -> 9, 9 -> 10.

Each settlement should also close/liquidate positions with negative collateral.

[sherlock-admin]

1 comment(s) were left on this issue during the judging contest.

141345 commented:

l