Closed sherlock-admin closed 1 year ago
2 comment(s) were left on this issue during the judging contest.
141345 commented:
d
panprog commented:
invalid because owner is trusted and is assumed to know what he's doing, including change of leverage
feelereth
high
Updating market parameters like leverage could instantly liquidate positions
Summary
There is a risk of instant liquidation when updating market parameters like leverage in the Vault contract. The issue occurs in the updateMarket() function
Vulnerability Detail
Here the market's leverage is directly set to a new value. If the newLeverage is drastically lower than the current leverage, it could put the Vault's position on that market underwater. For example:
Impact
It could put the Vault's position on that market underwater
Code Snippet
https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-vault/contracts/Vault.sol#L157-L167 https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-vault/contracts/Vault.sol#L164
Tool used
Manual Review
Recommendation
add a constraint to maximum leverage change