sherlock-admin4 opened this issue 4 months ago
The protocol team fixed this issue in the following PRs/commits: https://github.com/0xCedar/elfi-perp-contracts/pull/23
@mstpr Isn't this an OOS keeper bot error? Seems invalid
Not really.
1. Keepers were RESTRICTED in the contest, which means they only execute positions.
2. Since opening positions is a 2-step process (creating a request and executing it), if a user opens a greedy position that becomes liquidatable by the time it's actually executed, then it wouldn't even be the keeper's fault.
The Lead Senior Watson signed off on the fix.
mstpr-brainbot
High
Keepers can open positions that are already liquidatable
Summary
Users' positions can be opened already liquidated because there are no checks, when the position is opened, on whether the position is liquidatable or not.
Vulnerability Detail
When users submit their order requests, the requests are never validated to determine if they will be liquidatable immediately. That being said, in very volatile markets or with users' greedy positions, positions (isolated) or accounts (cross) can be liquidated immediately upon opening.
Coded PoC:
Impact
Protocol can be insolvent if the liquidation is too deep, such that the account's collateral is not enough to cover the potential losses.
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/8a1a01804a7de7f73a04d794bf6b8104528681ad/elfi-perp-contracts/contracts/facets/OrderFacet.sol#L66-L87
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/8a1a01804a7de7f73a04d794bf6b8104528681ad/elfi-perp-contracts/contracts/process/OrderProcess.sol#L102-L234
Tool used
Manual Review
Recommendation
Check whether the opened position will make the account liquidatable at the end of the execute order.
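A simplified model of the recommended post-execution check, added here as an illustration; it is not ELFI's code, and the maintenance margin ratio, market names, prices and account sizes are all assumed. It shows a cross account that is healthy when the request is created but liquidatable by the time the keeper executes, and how rejecting the execution keeps the account out of liquidation.

```python
"""Constructed model of a two-step perp order (user request, keeper execution later)
with a post-execution liquidatability check. Not ELFI's code; all numbers assumed."""
from dataclasses import dataclass, field

MAINTENANCE_MARGIN_RATIO = 0.05  # assumed: 5% of notional must be backed by equity

@dataclass
class Position:
    market: str
    size: float          # base units; positive = long, negative = short
    entry_price: float

@dataclass
class Account:
    collateral_usd: float                        # cross-margin collateral value
    positions: list = field(default_factory=list)

def equity(acct: Account, marks: dict) -> float:
    """Collateral plus unrealized PnL of every open position at current marks."""
    pnl = sum(p.size * (marks[p.market] - p.entry_price) for p in acct.positions)
    return acct.collateral_usd + pnl

def maintenance_requirement(acct: Account, marks: dict) -> float:
    return sum(abs(p.size) * marks[p.market] * MAINTENANCE_MARGIN_RATIO
               for p in acct.positions)

def is_liquidatable(acct: Account, marks: dict) -> bool:
    return equity(acct, marks) < maintenance_requirement(acct, marks)

def execute_order(acct: Account, market: str, size: float, marks: dict,
                  check_after_execute: bool = True) -> Account:
    """Keeper-side execution of a pending request at the current mark price.
    check_after_execute=False reproduces the reported behaviour: the position is
    opened even though the account is liquidatable the moment it exists."""
    acct.positions.append(Position(market, size, marks[market]))
    if check_after_execute and is_liquidatable(acct, marks):
        acct.positions.pop()  # undo the open, as a revert would
        raise ValueError("execution would leave the account liquidatable")
    return acct

def scenario(check_after_execute: bool) -> tuple:
    """Account is healthy when the request is made (equity 2000 vs 750 required);
    ETH then drops to 2800 before the keeper executes the new 100-unit XYZ long."""
    acct = Account(collateral_usd=2000, positions=[Position("ETH", 5, 3000)])
    marks_at_execute = {"ETH": 2800, "XYZ": 100}
    try:
        execute_order(acct, "XYZ", 100, marks_at_execute, check_after_execute)
        rejected = False
    except ValueError:
        rejected = True
    return rejected, len(acct.positions), is_liquidatable(acct, marks_at_execute)
```

With the check, `scenario(True)` rejects the execution and leaves one healthy position; `scenario(False)` opens the second position and the account is liquidatable immediately.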