Claim liquidation escrow #2

code423n4 · 2021-06-28T15:31:57Z

Handle

gpersoon

A liquidator can always claim the liquidation escrow in the following way:

create a second account
setup a complimentary trade in that second account, which will result in a large slippage when executed
call executeTrade (which everyone can call), to execute a trade between his own two accounts with a large slippage
the slippage doesn't hurt because the liquidator owns both accounts
call claimReceipt with the receiptId of the executed order, within the required period (e.g. 15 minutes)

// https://github.com/code-423n4/2021-06-tracer/blob/main/src/contracts/Trader.sol#L67
function executeTrade(Types.SignedLimitOrder[] memory makers, Types.SignedLimitOrder[] memory takers) external override {

https://github.com/code-423n4/2021-06-tracer/blob/main/src/contracts/Liquidation.sol#L394
function claimReceipt( uint256 receiptId, Perpetuals.Order[] memory orders, address traderContract) external override {

perhaps limit who can call executeTrade

raymogg · 2021-07-05T04:22:52Z

Valid issue which would allow someone to get reimbursed for slippage against themselves.

The Trader contract will have whitelisted relayers added to prevent issues like this (similar to #119)

code423n4 added bug Something isn't working 2 (Med Risk) labels Jun 28, 2021

code423n4 added a commit that referenced this issue Jun 28, 2021

gpersoon issue #2

a6c723a

raymogg added the sponsor acknowledged label Jul 5, 2021

raymogg added sponsor confirmed and removed sponsor acknowledged labels Jul 8, 2021