Lucky Peach Barbel
Medium
The validate function includes a check to ensure that positions are single-sided (i.e either entirely maker or taker, but not both). However, the logic is flawed in the following snippet:
if (!updateContext.currentPositionLocal.singleSided()) revert IMarket.MarketNotSingleSidedError();
if (
(!context.latestPositionLocal.maker.isZero() && !updateContext.currentPositionLocal.skew().isZero()) ||
(!context.latestPositionLocal.skew().isZero() && !updateContext.currentPositionLocal.maker.isZero())
) revert IMarket.MarketNotSingleSidedError();The issue arises because the second condition redundantly checks the same state as the first condition (updateContext.currentPositionLocal.singleSided()). Additionally, the validation does not account for pending positions (context.pendingLocal), which could result in a state where the current position appears single-sided, but the pending position introduces a mixed state (both maker and taker). This oversight could allow a position to transition into an invalid mixed state during execution.
System could allow positions to become mixed (both maker and taker), violating the single-sided invariant. This could lead to incorrect margin calculations, unfair liquidations, or other unintended behaviors that compromise the integrity of the market.
Update the validation logic to include pending positions and ensure the single-sided invariant is enforced holistically.