Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Nibiru>Threat Models>Message: ExecuteMsg.RemoveMargin
GeneralOverview
Findings
Critical (4)
High (4)
Medium (1)
Low (1)
DiscussionInconsistent change admin
Threat ModelsWhat are threat models?1-oracle2-perp_v2
3-wasmModule: x/wasmMessage: ExecuteMsg.AddMarginMessage: ExecuteMsg.ClosePositionMessage: ExecuteMsg.CreateMarketMessage: ExecuteMsg.DepthShiftMessage: ExecuteMsg.EditOracleParamsMessage: ExecuteMsg.InsuranceFundWithdrawMessage: ExecuteMsg.OpenPositionMessage: ExecuteMsg.PegShiftMessage: ExecuteMsg.RemoveMarginMessage: ExecuteMsg.SetMarketEnabled
4-bindings-perp5-controller6-shifter
Audit ResultsSummary

Message: ExecuteMsg.RemoveMargin

This message can be sent via a CosmosWasm contract and allows for a collateral to be removed from an existing position. The parameters that a user can control are

  • Sender — This is the account holding the position; there are no checks (see ).

  • Pair — This is the pair of the position to remove margin from. It is checked to ensure that it is valid and that there is an open position, a market, and an AMM for the pair.

  • Margin — This is the amount of collateral to remove from the position; there are no checks on the amount.

After the sdkMsg is created, there is no call to ValidateBasic (which automatically happens for regular Cosmos transactions), so a lot of vital checks (such as negative numbers) are missed. In this case, a negative margin can be specified when it ends up being added to the position margin without transferring any funds from the user; see the related finding at .

The flow is then the same as the regular AddMargin transaction; see .

Zellic © 2025Back to top ↑