Skip to content

Latest commit

 

History

History
105 lines (82 loc) · 4.12 KB

022.md

File metadata and controls

105 lines (82 loc) · 4.12 KB

Raspy Black Giraffe

High

Vault and Market Contracts Will Cause Over-Leveraged Positions Affecting Vault Users

Summary

The absence of risk parameter validation in both the Vault’s _retarget function and the Market contract’s update functions will cause vault users to suffer losses due to over-leveraged or under-collateralized positions.

Root Cause

In Vault.sol:_retarget: The function directly calls market.update without validating target positions against the Market’s risk parameters (max leverage, position size, collateral requirements)

function _retarget(
    Registration memory registration,
    Target memory target,
    bool shouldRebalance
) private {
    registration.market.update(
        address(this),
        shouldRebalance ? target.maker : Fixed6Lib.ZERO,
        shouldRebalance ? target.taker : Fixed6Lib.ZERO,
        target.collateral,
        address(0)
    );
}

In Market.sol:update functions: The Market’s update functions lack explicit safeguards for risk parameters

function update(
    address account,
    UFixed6 newMaker,
    UFixed6 newLong,
    UFixed6 newShort,
    Fixed6 collateral,
    bool protect,
    address referrer
) public nonReentrant whenNotPaused {
    // No visible checks for max leverage or collateral adequacy
    Order memory newOrder = OrderLib.from(...); // Risk checks not confirmed
    _updateAndStore(...); // Implementation hidden
}

Internal Pre-conditions

1- The Vault’s strategy (_strategy) generates target positions exceeding the Market’s risk limits. 2- The Market’s internal functions (_updateAndStore, OrderLib.from) fail to enforce RiskParameter constraints (e.g., maxLeverage, minCollateral). 3- The Market’s updateRiskParameter function does not retroactively validate existing positions.

External Pre-conditions

1- The Market’s oracle provides volatile prices that exacerbate over-leveraged positions.

Attack Path

1- The Vault’s strategy calculates a target position exceeding the Market’s maxLeverage (e.g., 10x leverage when the Market allows 5x). 2- The Vault calls _retarget, passing the invalid target to market.update. 3- The Market’s update function processes the request without validating against RiskParameter constraints. 4- The Market’s internal functions (e.g., _updateAndStore) fail to reject the over-leveraged position. 5- During market volatility, the position becomes under-collateralized and is liquidated, causing losses to vault users.

Impact

Vault users suffer a complete loss of deposited assets due to forced liquidations or protocol insolvency. The Market may accumulate bad debt, destabilizing the entire protocol

PoC

No response

Mitigation

1- Vault-Level Fix: Add explicit risk checks in _retarget before calling market.update :

function _retarget(...) private {
    // Fetch Market’s risk parameters
    RiskParameter memory params = registration.market.riskParameter();
    
    // Validate leverage
    UFixed6 leverage = target.leverage(); // Calculate leverage based on position/collateral
    require(leverage.lte(params.maxLeverage), "Vault: Over-leveraged");
    
    // Validate collateral
    require(target.collateral.gte(params.minCollateral), "Vault: Insufficient collateral");
    
    // Proceed with update
    registration.market.update(...);
}

2- Market-Level Fix: Ensure internal functions (_updateAndStore, OrderLib.from) enforce risk parameters :

// Inside Market.sol’s _updateAndStore:
function _updateAndStore(...) internal {
    // Validate against RiskParameter
    RiskParameter memory params = riskParameter();
    require(position.size().lte(params.maxPosition), "Market: Position too large");
    require(collateral.gte(params.minCollateral), "Market: Insufficient collateral");
    // ...
}