Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bareli - wrong implement of "is_liquidatable" #67

Closed
sherlock-admin2 opened this issue Sep 9, 2024 · 0 comments
Closed

bareli - wrong implement of "is_liquidatable" #67

sherlock-admin2 opened this issue Sep 9, 2024 · 0 comments
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin2
Copy link
Contributor

sherlock-admin2 commented Sep 9, 2024
edited by sherlock-admin3
Loading

bareli

Medium

wrong implement of "is_liquidatable"

Summary

if pnl.remaining ==required then it will be liquidatable.

Vulnerability Detail

def is_liquidatable(position: PositionState, pnl: PnL) -> bool:
"""
A position becomes liquidatable when its current value is less than
a configurable fraction of the initial collateral, scaled by
leverage.
"""
# Assume liquidation bots are able to check and liquidate positions
# every N seconds.
# We would like to avoid the situation where a position's value goes
# negative (due to price fluctuations and fee obligations) during
# this period.
# Roughly, the most a positions value can change is
# leverage * asset price variance + fees
# If N is small, this expression will be ~the price variance.
# E.g. if N = 60 and we expect a maximal price movement of 1%/minute
# we could set LIQUIDATION_THRESHOLD to 1 (* some constant to be on the
# safe side).
percent : uint256 = self.PARAMS.LIQUIDATION_THRESHOLD * position.leverage
required: uint256 = (position.collateral * percent) / 100
@>> return not (pnl.remaining > required)

Impact

pnl.remaining ==required then it will be liquidatable.

Code Snippet

https://github.com/sherlock-audit/2024-08-velar-artha/blob/main/gl-sherlock/contracts/params.vy#L138

Tool used

Manual Review

Recommendation

return not (pnl.remaining >= required)

Duplicate of #17
@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A Medium severity issue. labels Sep 11, 2024
@sherlock-admin3 sherlock-admin3 changed the title Joyful Punch Fly - wrong implement of "is_liquidatable" bareli - wrong implement of "is_liquidatable" Sep 11, 2024
@sherlock-admin3 sherlock-admin3 added the Reward A payout will be made for this issue label Sep 11, 2024
@sabatha7 sabatha7 mentioned this issue Oct 9, 2024
Closed
@WangSecurity WangSecurity removed the Medium A Medium severity issue. label Oct 12, 2024
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Reward A payout will be made for this issue labels Oct 12, 2024
@sherlock-admin3 sherlock-admin3 removed the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Oct 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@WangSecurity @sherlock-admin2 @sherlock-admin3