cergyk - Price signature reuse in setSymbolsPrice can heavily influence liquidation outcome

[sherlock-admin]

cergyk

high

Price signature reuse in setSymbolsPrice can heavily influence liquidation outcome

Summary

Any older price signature can be used to call setSymbolsPrice, and can be used by a malicious liquidator to liquidate partyA in unfair conditions.

Vulnerability Detail

While there is a condition for the price to not be too far in the future from the liquidation time:
https://github.com/sherlock-audit/2023-06-symmetrical/blob/main/symmio-core/contracts/facets/liquidation/LiquidationFacetImpl.sol#L40-L44

There is conversely no check to ensure that a signature too old is not used here.

We can notice that this is handled correctly in partyB's liquidation where both checks are enforced:
https://github.com/sherlock-audit/2023-06-symmetrical/blob/main/symmio-core/contracts/facets/liquidation/LiquidationFacetImpl.sol#L318-L330

A liquidator can either manipulate this field to get their maximum share of liquidation fee if that's not actually possible under market conditions, or collude with either partyB or partyA to make a favorable outcome to either one of them at the expense of the other given how funds are redistributed during liquidatePartyAPositions:

https://github.com/sherlock-audit/2023-06-symmetrical/blob/main/symmio-core/contracts/facets/liquidation/LiquidationFacetImpl.sol#L152-L156

and

https://github.com/sherlock-audit/2023-06-symmetrical/blob/main/symmio-core/contracts/facets/liquidation/LiquidationFacetImpl.sol#L163-L174

Impact

A malicious liquidator can use older signature for symbols prices, and influence liquidation outcome to be more favorable/defavorable to any actor partyA/partyB/liquidator.

Code Snippet

Tool used

Manual Review

Recommendation

Use a check similar as in partyB's liquidation:
https://github.com/sherlock-audit/2023-06-symmetrical/blob/main/symmio-core/contracts/facets/liquidation/LiquidationFacetImpl.sol#L327-L330

Duplicate of #113