sherlock-admin
commented
5 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Closed sherlock-admin2 closed 5 months ago
sherlock-admin
commented
5 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
dimulski
medium
Liquidations can be executed immediately after protocol is unpaused, not giving chance to users with long positions to increase their margin to account for the fees that they may have accrued
Summary
Adjusting leverage positions can be paused by the owner of the contract, as well as liquidations. However there is no minimum amount of time that an order for liquidation has to wait to be executed, on the other side an order to adjust a long position has to wait at least 5 seconds(according to the deployment scripts) before it can be executed by a keeper. As a result users that opened long positions, if the market skew is positive will accrue funding fees during the time the protocol is paused. But they won't be able to adjust their positions to increase their margin in order to cover for the fees, before liquidations are executed. Keep in mind this doesn't require front running of any sort. Blocks on base are produced every 2 seconds on average. Also everybody can call the liquidation function, and collect the liquidation fee.
Vulnerability Detail
Summary
Impact
Leverage positions will be force liquidated while their owners won't be able to increase their margin in order to cover the accrued fees.
Code Snippet
LiquidationModule.sol#L85-L143
Tool used
Manual Review
Recommendation
Consider adding some time buffer, that has to pass when the protocol has been paused and later unpaused in the liquidation function.
Duplicate of #206