BMX

morphex-contracts

Cantina Security Report

Organization

@BMXX

Engagement Type

Cantina Reviews

Period

-


Findings

Low Risk

1 finding

1 fixed

0 acknowledged


Low Risk: 1 finding

  1. ShortsTracker can be temporarily out of sync due to direct vault.decreasePosition

    State

    Fixed

    PR #1

    Severity

    Severity: Low

    Likelihood: Low × Impact: Medium

    Submitted by

    Om Parikh


    Description

    When orders are placed and executed via Orderbook, the shorts tracker is updated by the updateGlobalShortData call in PositionRouter. However, a user can decrease a position directly on the vault, which doesn't update the shorts tracker data.

    This leads to temporary mispricing of BLT, because the global shorts average price lags until some other user interacts via PositionRouter or the shorts data is updated externally by some other means.

    This scenario is currently not exploitable in practice because of fees on trades, fees on minting and burning BLT, and various imposed caps, and because it can't be executed atomically, which requires taking positional risk. It also requires large uninterrupted price movements (i.e. no users other than the malicious trader are opening/closing positions while the large price movement takes place).

    Recommendation

    • Since Vault.sol can't be upgraded, add additional strict checks in VaultUtils.sol and replace the vault utils address in the vault contract with that of the newly deployed VaultUtils.

    OR

    • The shorts tracker's global short average price should be monitored externally, and if any discrepancies are found, it should be updated/adjusted to the correct value.

    BMX: Fixed in PR 1

    Cantina: Fix verified.
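A sketch of the external monitoring described in the second recommendation, added here as an example and not taken from the report or the morphex-contracts code base. It assumes GMX-style short PnL accounting, size × (avg − price) / avg, with 30-decimal fixed-point values, and that the monitor already has the list of open shorts from an indexer; all names and sample positions are constructed.

```python
from dataclasses import dataclass

PRICE_PRECISION = 10**30  # assumption: 30-decimal USD fixed point
BPS = 10_000

@dataclass(frozen=True)
class ShortPosition:
    size: int           # position size in USD (fixed point)
    average_price: int  # entry price in USD (fixed point)

def expected_global_short_average_price(positions):
    """Average price A such that S*(A - P)/A equals the summed per-position
    short PnL for any mark price P: A = S / sum(size_i / price_i)."""
    live = [p for p in positions if p.size > 0]
    total_size = sum(p.size for p in live)
    total_tokens = sum(p.size * PRICE_PRECISION // p.average_price for p in live)
    if total_size == 0 or total_tokens == 0:
        return 0
    return total_size * PRICE_PRECISION // total_tokens

def deviation_bps(stored, expected):
    """Absolute deviation of the stored value from the recomputed one, in bps."""
    if expected == 0:
        return 0 if stored == 0 else BPS
    return abs(stored - expected) * BPS // expected

def check_tracker(stored_price, positions, max_bps=10):
    """Compare the tracker's stored average with the recomputed value."""
    expected = expected_global_short_average_price(positions)
    dev = deviation_bps(stored_price, expected)
    return {"expected": expected, "deviation_bps": dev, "out_of_sync": dev > max_bps}

def usd(x):
    return x * PRICE_PRECISION

# Constructed sample: two open shorts, tracker in sync at 1600.
CONSTRUCTED_BEFORE = [ShortPosition(usd(100_000), usd(2000)),
                      ShortPosition(usd(300_000), usd(1500))]
# Second short closed directly on the vault; tracker value left untouched.
CONSTRUCTED_AFTER = [CONSTRUCTED_BEFORE[0], ShortPosition(0, 0)]
CONSTRUCTED_STORED = usd(1600)

if __name__ == "__main__":
    for label, book in (("before", CONSTRUCTED_BEFORE), ("after", CONSTRUCTED_AFTER)):
        print(label, check_tracker(CONSTRUCTED_STORED, book))
```

In a deployment the stored value and the position list would come from on-chain reads and indexed events, and an out-of-sync result would trigger the corrective update the recommendation describes.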