volodya - minAcceptablePortionLF is not being enforced on the partial opening positions which leads to liquidators receiving fewer funds than protocol promised to the liquidator

[sherlock-admin]

volodya

medium

minAcceptablePortionLF is not being enforced on the partial opening positions which leads to liquidators receiving fewer funds than protocol promised to the liquidator

Summary

minAcceptablePortionLF is not being enforced on the partial opening positions which leads to liquidators receiving fewer funds than protocol promised to the liquidator

Vulnerability Detail

The same thing in all of those function requestToClosePosition, openPosition, closeQuote where check for minAcceptableQuoteValue exist should be a check for minAcceptablePortionLF

There is no validation in openPosition like its done in sendQuote on minAcceptablePortionLF.
Liquidation for partyA is successful when quoteLayout.partyAPositionsCount[partyA] == 0

            );
            LockedValues memory appliedFilledLockedValues = filledLockedValues;
            appliedFilledLockedValues = appliedFilledLockedValues.mulMem(openedPrice);
            appliedFilledLockedValues = appliedFilledLockedValues.divMem(quote.requestedOpenPrice);
            // check that opened position is not minor position
            require(
                appliedFilledLockedValues.total() >=
                SymbolStorage.layout().symbols[quote.symbolId].minAcceptableQuoteValue,
                "PartyBFacet: Quote value is low"
            );
            // check that new pending position is not minor position
            require(
                (quote.lockedValues.total() - filledLockedValues.total()) >=
                SymbolStorage.layout().symbols[quote.symbolId].minAcceptableQuoteValue,
                "PartyBFacet: Quote value is low"
            );

facets/PartyB/PartyBFacetImpl.sol#L189

        require(
            lockedValues.lf >=
                (symbolLayout.symbols[symbolId].minAcceptablePortionLF * lockedValues.total()) /
                    1e18,
            "PartyAFacet: LF is not enough"
        );

facets/PartyA/PartyAFacetImpl.sol#L57

Impact

minAcceptablePortionLF is not being enforced on the partial opening positions which leads to liquidators receiving fewer funds than protocol promised to the liquidator

Code Snippet

Tool used

Manual Review

Recommendation

Add minAcceptablePortionLF check

            require(
                appliedFilledLockedValues.total() >=
                SymbolStorage.layout().symbols[quote.symbolId].minAcceptableQuoteValue,
                "PartyBFacet: Quote value is low"
            );
            // check that new pending position is not minor position
            require(
                (quote.lockedValues.total() - filledLockedValues.total()) >=
                SymbolStorage.layout().symbols[quote.symbolId].minAcceptableQuoteValue,
                "PartyBFacet: Quote value is low"
            );
+            require(
+                appliedFilledLockedValues.lf >=
+                (symbolLayout.symbols[quote.symbolId].minAcceptablePortionLF * appliedFilledLockedValues.total()) /
+                1e18,
+                "PartyAFacet: LF is not enough"
+            );
+            require(
+                quote.lockedValues.lf - filledLockedValues.lf >=
+                (symbolLayout.symbols[quote.symbolId].minAcceptablePortionLF * (quote.lockedValues.total() - filledLockedValues.total())) /
+                1e18,
+                "PartyAFacet: LF is not enough"
+            );

Duplicate of #248