Incomplete Price Range Validation in validateStopPrice Function #146
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-71
🤖_78_group: AI based duplicate group recommendation
sufficient quality report: This report is of sufficient quality
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/markets/perp/PerpMarketLib.sol#L138-L176
Vulnerability details

Proof of Concept

The vulnerability in question pertains to the `validateStopPrice` function within the `PerpMarketLib` contract, which oversees the validation of trade prices using the Bps library's `upper` and `lower` functions. Here's a detailed analysis of how this vulnerability manifests and its implications:

Code Snippet Analysis: PerpMarketLib.sol#L138-L176

The `validateStopPrice` function checks either the upper (`Bps.upper`) or lower (`Bps.lower`) price bound based on the `tradeAmount` parameter:

- If `tradeAmount > 0` (indicating a buy order), it validates the stop price (`stopPrice`) against `oraclePrice` and checks if `tradePrice` exceeds the upper bound (`Bps.upper(oraclePrice, decayedSlippageTorelance)`).
- If `tradeAmount < 0` (indicating a sell order), it validates the stop price (`stopPrice`) against `oraclePrice` and checks if `tradePrice` falls below the lower bound (`Bps.lower(oraclePrice, decayedSlippageTorelance)`).

The function validates only one bound (selected by the sign of `tradeAmount`), not both simultaneously. This approach introduces a vulnerability where:

- If `tradeAmount > 0` and `tradePrice` exceeds the upper bound, the function might allow trades to proceed at prices higher than intended, potentially leading to overpayment by buyers.
- If `tradeAmount < 0` and `tradePrice` falls below the lower bound, the function might permit trades at prices lower than intended, resulting in underpayment to sellers.

Impact
Allows trades to be executed at prices outside of the intended range when only one price bound (upper or lower) is validated
Tools Used
Manual
Recommended Mitigation Steps

Modify the `validateStopPrice` function to validate both the upper and lower price bounds regardless of the direction of the trade (`tradeAmount`).

Assessed type
Other
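As an added illustration (not the project's code and not part of the original report), the following Python model implements the direction-dependent bound check as the report describes it beside the both-bounds variant recommended above, and runs both over constructed sample trades. The `Bps.upper`/`Bps.lower` arithmetic, the handling of a zero `tradeAmount`, and the omission of the `stopPrice`-vs-`oraclePrice` comparison (whose direction the report does not state) are assumptions of this model.

```python
# Added model of the bound check this report describes and of its recommended
# both-bounds variant; not Predy's code. Bps.upper/Bps.lower are modelled as
# basis-point scaling (an assumption) and the stopPrice-vs-oraclePrice
# comparison is omitted because the report does not state its direction.
BPS_ONE = 10_000  # assumed basis-point denominator for this model

def bounds(oracle_price: int, tolerance_bps: int) -> tuple:
    """Assumed model of (Bps.lower, Bps.upper): oracle price +/- tolerance_bps."""
    lower = oracle_price * (BPS_ONE - tolerance_bps) // BPS_ONE
    upper = oracle_price * (BPS_ONE + tolerance_bps) // BPS_ONE
    return lower, upper

def price_within_one_bound(oracle_price: int, trade_price: int,
                           trade_amount: int, tolerance_bps: int) -> bool:
    """As described: a buy (tradeAmount > 0) is tested only against the upper
    bound, a sell (tradeAmount < 0) only against the lower bound."""
    lower, upper = bounds(oracle_price, tolerance_bps)
    if trade_amount > 0:
        return trade_price <= upper
    if trade_amount < 0:
        return trade_price >= lower
    raise ValueError("tradeAmount of zero is neither a buy nor a sell")  # assumption

def price_within_both_bounds(oracle_price: int, trade_price: int,
                             trade_amount: int, tolerance_bps: int) -> bool:
    """Report's recommended variant: both bounds checked whatever the direction."""
    if trade_amount == 0:
        raise ValueError("tradeAmount of zero is neither a buy nor a sell")  # assumption
    lower, upper = bounds(oracle_price, tolerance_bps)
    return lower <= trade_price <= upper

# Constructed sample trades: oracle at 2_000_000 with 50 bps tolerance gives the
# band [1_990_000, 2_010_000]. Each row is (label, tradePrice, tradeAmount).
SAMPLE_TRADES = [
    ("buy inside band", 2_005_000, 10),
    ("buy above upper bound", 2_020_000, 10),
    ("buy far below oracle", 1_980_000, 10),
    ("sell inside band", 1_995_000, -10),
    ("sell below lower bound", 1_980_000, -10),
    ("sell far above oracle", 2_020_000, -10),
]

def compare_checks(oracle_price: int = 2_000_000, tolerance_bps: int = 50) -> dict:
    """Map each sample label to (one-bound result, both-bounds result)."""
    return {
        label: (price_within_one_bound(oracle_price, price, amount, tolerance_bps),
                price_within_both_bounds(oracle_price, price, amount, tolerance_bps))
        for label, price, amount in SAMPLE_TRADES
    }
```

The two rows where the results differ are the trades on the far side of the oracle price, which only the both-bounds variant rejects.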