Closed sherlock-admin closed 1 year ago
3 comment(s) were left on this issue during the judging contest.
141345 commented:
d
darkart commented:
Write a POC and escalate
panprog commented:
invalid because it's not in the protocol specs to account for worst case price
feelereth
high
A malicious miner could manipulate prices to liquidate positions inappropriately
Summary
position liquidations in the _invariant function do not check for worst case loss scenarios
Vulnerability Detail
This Link only checks the current price, not a worst case price move
The _invariant function is used to verify that certain conditions are met before allowing a position update. This includes checking that the position is sufficiently collateralized. However, it only checks the current collateralization based on the latest oracle price. It does not consider the worst case loss if the price were to move against the position. A malicious miner could exploit this by:
Impact
A malicious miner could manipulate prices to liquidate positions inappropriately
Code Snippet
https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L510-L512
Tool used
Manual Review
Recommendation
the contract could consider the largest possible loss if the price moved to the limit boundary.