Skip to content
This repository has been archived by the owner on Jan 7, 2024. It is now read-only.

simon135 - no check for exipred Price Timestamp like in PartyB which can cause price staleness #320

Closed
sherlock-admin opened this issue Jul 3, 2023 · 0 comments
Closed

simon135 - no check for exipred Price Timestamp like in PartyB which can cause price staleness #320

sherlock-admin opened this issue Jul 3, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Jul 3, 2023
edited by github-actions bot
Loading

simon135

high

no check for exipred Price Timestamp like in PartyB which can cause price staleness

Summary

In PartyB liquidation priceSig.timestamp is checked to be close to block.timstamp but in PartyA liquidation this is not checked which can cause some issues

Vulnerability Detail

The second step in liquidation for PartyA

        require(
            priceSig.timestamp <=
                maLayout.liquidationTimestamp[partyA] + maLayout.liquidationTimeout,
            "LiquidationFacet: Expired signature"
        );

Then for setSymbolsPrices https://github.com/sherlock-audit/2023-06-symmetrical/blob/6d2b64b6732fcfbd07c8217897dd233dbb6cd1f5/symmio-core/contracts/facets/liquidation/LiquidationFacetImpl.sol#L34 it doesn't check the sig for timestamp for verifyPrice` https://github.com/sherlock-audit/2023-06-symmetrical/blob/6d2b64b6732fcfbd07c8217897dd233dbb6cd1f5/symmio-core/contracts/libraries/LibMuon.sol#L34C5-L63C16
so A liquidator can use an old price from a long timestamp and since its not checked it can cause profit for PartyA/PartyB and this can be dirrected at each party causing some of them loss
Ex:
Liquidation happens at eth price 1000 at 20 timestamp
Now price is at 2000 at timestamp 40 but 20 is still used and since there is no check PartyA has short So PartyB can get more profit than they should

Impact

Free profit for PartyB/PartyA

Code Snippet

function setSymbolsPrice(address partyA, PriceSig memory priceSig) internal {
        MAStorage.Layout storage maLayout = MAStorage.layout();
        AccountStorage.Layout storage accountLayout = AccountStorage.layout();
// @audit this dosnt check the timestmap like the other muon functions 
        LibMuon.verifyPrices(priceSig, partyA);
        require(maLayout.liquidationStatus[partyA], "LiquidationFacet: PartyA is solvent");
// @audit see here that chec is not good since timestmap can be below these      
   require(
            priceSig.timestamp <=
                maLayout.liquidationTimestamp[partyA] + maLayout.liquidationTimeout,
            "LiquidationFacet: Expired signature"
        );
        for (uint256 index = 0; index < priceSig.symbolIds.length; index++) {
            accountLayout.symbolsPrices[partyA][priceSig.symbolIds[index]] = Price(
                priceSig.prices[index],
                maLayout.liquidationTimestamp[partyA]
            );
        }

        int256 availableBalance = LibAccount.partyAAvailableBalanceForLiquidation(
            priceSig.upnl,
            partyA
        );
        if (accountLayout.liquidationDetails[partyA].liquidationType == LiquidationType.NONE) {
            accountLayout.liquidationDetails[partyA] = LiquidationDetail({
                liquidationType: LiquidationType.NONE,
                upnl: priceSig.upnl,
                totalUnrealizedLoss: priceSig.totalUnrealizedLoss,
                deficit: 0,
                liquidationFee: 0
            });

Tool used

Forge
Manual Review

Recommendation

Add timestmap check to muon or this:

 block.timestamp <= priceSig.timestamp + maLayout.liquidationTimeout,

Duplicate of #113
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jul 10, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jul 26, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin