position can be opened without premium #38
Comments
0xleastwood marked the issue as primary issue
Good suggestion, will add a minimum premium parameter. Not agreeing with the severity though. In the worst case, the LP is still willing to close the position to reclaim liquidity. But will let the judge ultimately decide. Thanks!
This seems like a DoS on the LP's liquidity. It will still be possible for them to reclaim if they liquidate a position and subsequently withdraw their liquidity but this is still not ideal. I guess my final question would be do traders lose any funds when creating positions with no premium? Is there a financial disincentive to do this? This would be the difference between QA and medium severity imo. For the time being I will downgrade to medium.
0xleastwood changed the severity to 2 (Med Risk)
@wukong-particle I forgot to tag you in the above comment.
Well, the trader will lose their initial margin if the premium is 0 and they get immediately liquidated. If the trader believes immediate liquidation won't happen (because there is no reward from premium), logically the trader will go with 0 premium because this would be the least amount of cost. We will add a minimum premium parameter here so we confirm the issue.
wukong-particle (sponsor) confirmed
0xleastwood marked the issue as selected for report
@0xleastwood Isn't this a duplicate of #27? I think both describe the same core issue with different examples/scenarios
0xleastwood marked the issue as not selected for report
0xleastwood marked the issue as duplicate of #27
Correct, it should be a duplicate of #27. Thanks
0xleastwood marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-12-particle/blob/main/contracts/protocol/ParticlePositionManager.sol#L240-L243
Vulnerability details
Description
Premium in ParticlePositionManager is used to cover trading fees accrued for the liquidity borrowed. When liquidating, a portion of the premium is also used for the liquidation reward.
The issue is that a borrower can open a position without any premium at all:
ParticlePositionManager::openPosition:
params.tokenFrom/ToPremiumPortionMin are supplied by the borrower hence can be 0.
This removes any liquidation reward, since closeCache.tokenFrom/ToPremium is 0:
ParticlePositionManager::liquidatePosition:
Thus any liquidation incentives are removed. Even if the position would immediately be liquidatable there would be no incentive to liquidate it. Other than possibly for the LP as they would get their liquidity back.
0 premium also robs the liquidity provider of any fees that would have been accrued for their borrowed liquidity:
ParticlePositionManager::_closePosition (same for the other branch of zeroForOne):
Here, min(tokenOwed,tokenPremium) is taken, since tokenPremium would be 0 no fees would be owed.
Impact
A borrower can open a position without any premium. This removes any incentive to liquidate the position and also robs the liquidity provider of fees that would have been accrued.
In the extreme, if you for example open a long position above the price (thus with no leverage), a borrower will not need to provide any funds at all. Thus can spam positions like this, locking liquidity providers' liquidity and denying them fees (if the trading moves in their direction).
Proof of Concept
Actually, the basic test testBaseOpenLongPosition in OpenPosition.t.sol already reproduces this:
Tools Used
Manual audit
Recommended Mitigation Steps
Consider implementing a minimum enforced premium portion. Any premium portion would guarantee a reward to the liquidator.
Assessed type
Invalid Validation
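A minimal sketch of the recommended mitigation, added here as an example and not taken from the Particle code base. The contract, its names, the absolute premium floor and the reward-before-fees order are assumptions; only the min(owed, premium) rule and the premium-funded liquidation reward come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added sketch, not ParticlePositionManager code. Every name and constant
/// below is hypothetical; token transfers and pricing are left out.
contract PremiumFloorSketch {
    uint256 private constant BASIS = 10_000;        // basis-points denominator
    uint256 public immutable minPremium;            // assumed floor, in token units
    uint256 public immutable liquidationRewardBps;  // assumed reward share of the premium

    struct Position { address borrower; uint256 premium; bool open; }
    mapping(uint256 => Position) public positions;
    uint256 public nextId;

    error PremiumBelowMinimum(uint256 supplied, uint256 required);
    error NotOpen(uint256 id);

    constructor(uint256 minPremium_, uint256 liquidationRewardBps_) {
        require(liquidationRewardBps_ <= BASIS, "reward > 100%");
        minPremium = minPremium_;
        liquidationRewardBps = liquidationRewardBps_;
    }

    /// Hardened open: the borrower-supplied premium is checked against a
    /// protocol-enforced floor instead of being accepted as-is (0 included).
    function open(uint256 premium) external returns (uint256 id) {
        if (premium < minPremium) revert PremiumBelowMinimum(premium, minPremium);
        id = nextId++;
        positions[id] = Position(msg.sender, premium, true);
    }

    /// Settlement split on liquidation. With premium == 0 both outputs are 0,
    /// which is the behaviour the finding reports. With the floor enforced in
    /// open(), the reward is at least minPremium * liquidationRewardBps / BASIS.
    function liquidate(uint256 id, uint256 feesOwed)
        external
        returns (uint256 liquidatorReward, uint256 lpFees)
    {
        Position storage p = positions[id];
        if (!p.open) revert NotOpen(id);
        // Assumed order: the reward is carved out first, fees come from the rest.
        liquidatorReward = (p.premium * liquidationRewardBps) / BASIS;
        uint256 remaining = p.premium - liquidatorReward;
        lpFees = feesOwed < remaining ? feesOwed : remaining; // min(owed, premium left)
        p.open = false;
    }
}
```

Deploying with a floor of 0 reproduces the reported case: open(0) succeeds and liquidate returns (0, 0) whatever fees are owed.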