Closed sherlock-admin3 closed 1 month ago
Escalate
On behalf of the watson
Escalate
On behalf of the watson
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
I don't understand how the issue happen, how does opening two positions in different directions (i.e. both long an short) leads to LPs suffering a loss?
If no answer is provided, planning to reject the escalation and leave the issue as it is.
Result: Invalid Unique
4gontuk
Medium
Traders can manipulate spread protection by exploiting position size omission in
api.vy::CONTEXT
Summary
The omission of position size in the
CONTEXT
function will cause a bypass of spread protection for liquidity providers (LPs) as traders will open a small reverse position before their intended larger position, potentially causing financial losses for LPs.Root Cause
In
gl-sherlock/contracts/api.vy
, the[CONTEXT
function](https://github.com/sherlock-audit/2024-08-velar-artha/blob/main/gl-sherlock/contracts/api.vy#L53-L71) does not consider the size of the new position when calculating the price with the oracle.Example:
api.vy:53-71
, theCONTEXT
function does not include the position size in its price calculation.Internal pre-conditions
External pre-conditions
open()
calls.Attack Path
open()
inapi.vy:131-158
to set a small reverse position.open()
again to set the intended larger position.Impact
The LPs suffer an increased risk of financial loss as the spread protection is bypassed, leading to potential manipulation of the trading mechanism. Traders gain an unfair advantage by effectively opening large positions without incurring the appropriate spread, which could result in significant losses for LPs over time.
PoC
Mitigation
To mitigate this issue, the
CONTEXT
function should take into account the size of the new position when calculating the price.Additionally, the
open()
function inapi.vy
should be modified to pass the position size toCONTEXT
.