position can be opened without premium #38
Comments
c4-bot-5
added
3 (High Risk)
|
0xleastwood marked the issue as primary issue |
c4-judge
added
the
primary issue
|
Good suggestion, will add a minimum premium parameter. Not agreeing with the severity though. In the worst case, the LP is still willing to close the position to reclaim liquidity. But will let the judge to ultimately decide. Thanks! |
|
This seems like a DoS on the LP's liquidity. It will still be possible for them to reclaim if they liquidate a position and subsequently withdraw their liquidity but this is still not ideal. I guess my final question would be do trader's lose any funds when creating positions with no premium? Is there a financial disincentive to do this? This would be the difference between QA and medium severity imo. For the time-being I will downgrade to medium. |
|
0xleastwood changed the severity to 2 (Med Risk) |
c4-judge
added
2 (Med Risk)
|
@wukong-particle I forgot to tag you in the above comment. |
|
Well, trader will lose their initial margin if the premium is 0 and got immediately liquidated. If the trader believes immediate liquidation won't happen (because there is no reward from premium), logically the trader will go with 0 premium because this would be the least amount of cost. We will add a minimum premium parameter here so we confirm the issue. |
|
wukong-particle (sponsor) confirmed |
c4-sponsor
added
the
sponsor confirmed
|
0xleastwood marked the issue as selected for report |
c4-judge
added
the
selected for report
|
@0xleastwood Isn't this a duplicate of #27? I think both describe the same core issue with different examples/scenarios |
|
0xleastwood marked the issue as not selected for report |
c4-judge
removed
the
selected for report
c4-judge
added
duplicate-27
and removed
primary issue
|
0xleastwood marked the issue as duplicate of #27 |
correct, it should be a duplicate of #27. Thanks |
|
0xleastwood marked the issue as satisfactory |
c4-judge
added
the
satisfactory
Lines of code
https://github.com/code-423n4/2023-12-particle/blob/main/contracts/protocol/ParticlePositionManager.sol#L240-L243
Vulnerability details
Description
Premium in
ParticlePositionManageris used to cover trading fees accrued for the liquidity borrowed. When liquidating, a portion of the premium is also used for the liquidation reward.The issue is that a borrower can open a position without any premium at all:
ParticlePositionManager::openPosition:params.tokenFrom/ToPremiumPortionMinare supplied by the borrower hence can be0.This removes any liquidation reward, since
closeCache.tokenFrom/ToPremiumis0:ParticlePositionManager::liquidatePosition:Thus any liquidation incentives are removed. Even if the position would immediately be liquidatable there would be no incentive to liquidate it. Other than possibly for the LP as they would get their liquidity back.
0premium also robs the liquidity provider of any fees that would have been accrued for their borrowed liquidity:ParticlePositionManager::_closePosition(same for the other branch ofzeroForOne):Here,
min(tokenOwed,tokenPremium)is taken, sincetokenPremiumwould be0no fees would be owed.Impact
A borrower can open a position without any premium. This removes any incentive to liquidate the position and also robs the liquidity provider of fees that would have been accrued.
In the extreme, if you for example open a long position above the price (thus with no leverage), a borrower will not need to provide any funds at all. Thus can spam positions like this locking liquidity providers liquidity and denying them fees (if the trading moves in their direction).
Proof of Concept
Actually, the basic test
testBaseOpenLongPositioninOpenPosition.t.solalready reproduces this:Tools Used
Manual audit
Recommended Mitigation Steps
Consider implementing a minimum enforced premium portion. Any premium portion would guarantee a reward to the liquidator.
Assessed type
Invalid Validation
The text was updated successfully, but these errors were encountered: