search

sherlock-audit / 2023-09-perennial-judging

0 stars 0 forks source link

[Post-Contest] `MultiInvoker._liquidate` doesn't adjust current position leading to liquidation revert if invalid oracle version happens #60

Closed panprog closed 11 months ago

panprog commented 11 months ago

MultiInvoker._liquidate: https://github.com/sherlock-audit/2023-09-perennial/blob/e518bbd77bd06ae9c663a31c67d9530a87d2dabb/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L229

The problem here is that Market can invalidate some pending position and currentPosition will change, thus liquidation will happen with the new (invalidated) currentPosition, but MultiInvoker._liquidate takes currentPosition unadjusted. Moreover, it should be adjusted to settled latestPosition, not to latestPosition which is available right away (which is not yet settled to latest oracle), so it should be adjusted to MultiInvoker._latest()

kbrizzle commented 11 months ago

Fixed by: https://github.com/equilibria-xyz/perennial-v2/pull/115.

panprog commented 11 months ago

Fixed.