Summary
The MultiInvoker contract manages various operations in the Perennial protocol, including the execution of trigger orders.
Details
The issue is in the _executeOrder function. While it does use trigger conditions to determine when to execute an order, it doesn't implement a mechanism to protect against slippage between the time an order is placed and when it's executed.
Impact
Unexpected Execution Prices: Orders may be executed at prices significantly different from what the user anticipated when placing the order.
Potential for Large Losses: In volatile market conditions, the lack of slippage protection could result in substantial losses for users.
Vulnerability to Market Manipulation: Malicious actors could potentially manipulate market conditions to trigger unfavorable order executions.
Scenario
Bob places a trigger order to go long when the price reaches a certain level. The price reaches this level and starts to rapidly increase. Bob's order is executed, but at a much higher price than he intended, resulting in a significant loss.
Fix
Implement a maximum slippage tolerance in the TriggerOrder structure and check it during execution:
```solidity
struct TriggerOrder {
    // ... existing fields ...
    UFixed6 maxSlippage; // New field for maximum allowed slippage
}

function _executeOrder(address account, IMarket market, uint256 nonce) internal {
    // ... existing checks ...
    TriggerOrder memory order = orders(account, market, nonce);

    // Get the current market price
    UFixed6 currentPrice = market.getPrice();

    // Calculate the maximum acceptable price based on the trigger price and max slippage
    UFixed6 maxAcceptablePrice = order.triggerPrice.mul(UFixed6Lib.ONE.add(order.maxSlippage));

    // Check if the current price is within the acceptable range
    require(currentPrice.lte(maxAcceptablePrice), "Slippage exceeded");

    // ... rest of the function ...
}
```
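The proposed check only caps the price for a long order. As an added example (not part of the original report and not Perennial's code), the sketch below generalizes the same bound to both directions and makes the rounding explicit. It assumes plain `uint256` prices with 6 decimals in place of `UFixed6`; the `SlippageGuard` library, the `isLong` flag and the demo contract are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not Perennial code. Prices and tolerances are plain
// uint256 values with 6 decimals (1e6 == 1.0), standing in for UFixed6.
library SlippageGuard {
    uint256 internal constant ONE = 1e6;

    error InvalidTolerance(uint256 maxSlippage);
    error SlippageExceeded(uint256 executionPrice, uint256 bound);

    // isLong (hypothetical flag): true when the order buys, false when it sells.
    function check(
        uint256 triggerPrice,
        uint256 executionPrice,
        uint256 maxSlippage,
        bool isLong
    ) internal pure {
        // A tolerance above 100% would underflow the sell-side bound below.
        if (maxSlippage > ONE) revert InvalidTolerance(maxSlippage);
        if (isLong) {
            // Buyer: cap the price. Division rounds down, so the cap is never looser than requested.
            uint256 maxPrice = (triggerPrice * (ONE + maxSlippage)) / ONE;
            if (executionPrice > maxPrice) revert SlippageExceeded(executionPrice, maxPrice);
        } else {
            // Seller: floor the price. Round up for the same reason.
            uint256 minPrice = (triggerPrice * (ONE - maxSlippage) + ONE - 1) / ONE;
            if (executionPrice < minPrice) revert SlippageExceeded(executionPrice, minPrice);
        }
    }
}

// Constructed sample values: trigger at 2000.000000 with a 1% tolerance.
contract SlippageGuardDemo {
    function longFill(uint256 executionPrice) external pure {
        SlippageGuard.check(2000e6, executionPrice, 10_000, true);
    }

    function shortFill(uint256 executionPrice) external pure {
        SlippageGuard.check(2000e6, executionPrice, 10_000, false);
    }
}
```

With these sample values the buy-side bound is 2020e6 and the sell-side bound is 1980e6, so a fill outside that band reverts with `SlippageExceeded` instead of executing.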
sherlock-admin3 changed the title from "Crazy Chartreuse Viper - Inadequate Slippage Protection in Order Execution" to "0xloophole - Inadequate Slippage Protection in Order Execution" on Sep 23, 2024
0xloophole
Medium
Inadequate Slippage Protection in Order Execution