
Message: ExecuteMsg.OpenPosition

This message can be sent via a CosmWasm contract and allows a new position to be opened. The parameters that a user can control are:

  • Sender — This is the account to open a position on. There are no checks (see ).

  • Pair — This is the pair to open or modify the position on. It is checked to ensure that the format is valid, that an enabled market exists for it, and that there is an AMM for it.

  • IsLong — This is a boolean indicating the direction the user is taking.

  • QuoteAmount — This is the amount of quote asset to open a position with; it must not be zero.

  • Leverage — This is the leverage to open a position with; it must not be zero and not greater than the market's MaxLeverage setting.

  • BaseAmountLimit — This is the minimum base asset amount to open a position with; it must not be negative.

After the sdkMsg is created, there is no call to ValidateBasic (which happens automatically for regular Cosmos transactions), so many vital checks (such as rejecting negative numbers) are missed. See the related finding at .

The flow is then the same as the regular OpenPosition transaction; see .
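The following is an added illustration, not Nibiru's own code, of the stateless ValidateBasic check set that the CosmWasm path skips, plus the one stateful check (MaxLeverage) the report lists. Field names follow the message above; the struct type, the use of math/big in place of the Cosmos SDK numeric types, and the error strings are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// OpenPositionMsg mirrors the user-controlled fields listed in the report
// (types are an assumption; Nibiru uses Cosmos SDK numeric types here).
type OpenPositionMsg struct {
	Sender, Pair                           string
	IsLong                                 bool
	QuoteAmount, Leverage, BaseAmountLimit *big.Int
}

// ValidateBasic is the stateless check set a regular Cosmos transaction gets
// automatically and that the CosmWasm path described in the report skips.
func ValidateBasic(m OpenPositionMsg) error {
	if m.Sender == "" || m.Pair == "" {
		return errors.New("sender and pair must be set")
	}
	if m.QuoteAmount == nil || m.QuoteAmount.Sign() <= 0 {
		return errors.New("quote amount must be positive")
	}
	if m.Leverage == nil || m.Leverage.Sign() <= 0 {
		return errors.New("leverage must be positive")
	}
	if m.BaseAmountLimit != nil && m.BaseAmountLimit.Sign() < 0 {
		return errors.New("base amount limit must not be negative")
	}
	return nil
}

// ValidateForMarket adds the stateful check from the report (leverage may not
// exceed the market's MaxLeverage) and always runs ValidateBasic first.
func ValidateForMarket(m OpenPositionMsg, maxLeverage *big.Int) error {
	if err := ValidateBasic(m); err != nil {
		return err
	}
	if m.Leverage.Cmp(maxLeverage) > 0 {
		return fmt.Errorf("leverage %s exceeds market max %s", m.Leverage, maxLeverage)
	}
	return nil
}

func main() {
	// Constructed input: a negative quote amount, which only ValidateBasic rejects.
	bad := OpenPositionMsg{Sender: "nibi1example", Pair: "ubtc:unusd", IsLong: true,
		QuoteAmount: big.NewInt(-1000), Leverage: big.NewInt(5)}
	fmt.Println(ValidateForMarket(bad, big.NewInt(10)))
}
```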

Zellic © 2024