Shambolic Mint Dinosaur
High
The update function allows updating positions and collateral in the same transaction without delays, risking flash loan exploits.
In https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L232 the update function allows changing positions and collateral in the same transaction, enabling attackers to bypass collateral checks via flash loans. The collateral parameter allows users to deposit (Fixed6 > 0) or withdraw (Fixed6 < 0) collateral in the same transaction as position updates. The key vulnerable logic lies in the _updateMarket function which directly processes collateral changes without enforcing a cooldown. The code does not enforce a delay between deposits and withdrawals.
In https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L752 the collateral is updated.
In https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L771 the withdrawal is made.
No response
No response
1.Deposit Collateral: update(account, Fixed6.wrap(0), Fixed6.wrap(0), Fixed6.wrap(1000e18), referrer); 2.Borrow Against Collateral: update(account, Fixed6.wrap(0), Fixed6.wrap(-500e18), Fixed6.wrap(0), referrer); // Short 500 tokens 3.Withdraw Collateral in Same Transaction: update(account, Fixed6.wrap(0), Fixed6.wrap(0), Fixed6.wrap(-1000e18), referrer); // Withdraw all
1.Flash loans can bypass collateral checks. 2.An attacker deposits collateral, borrows assets, and withdraws collateral in the same transaction, leaving the protocol undercollateralized,violating protocol solvency.
No response
Enforce a 1-block delay for withdrawals after deposits.