Centralized and undocumented protocol design
Description
The project threat model involves several actors that are fully trusted to behave correctly and not be compromised. The on-chain contracts perform little to no checks against intentional or unintentional malicious behavior.
Additionally, the project is not documented, and the design and code for off-chain components are not available for scrutiny. The executor's logic (including the algorithm that selects orders to execute) and the asset-pricing mechanisms are undocumented. The fee structure is particularly confusing and opaque.
Impact
While centralization is not a vulnerability per se, it increases the attack surface of the project, adding single points of failure that might cause unintentional damage (e.g., due to bugs or human errors) or could be targeted and exploited by an attacker.
The lack of documentation and lack of access to code prevented us from having a complete understanding of the interactions between the contracts and the off-chain components. Our review assumed honest and correct behavior from all off-chain components, excluding only the unprivileged and untrusted users acting as liquidity providers or perpetual traders.
Recommendations
Mitigations to limit the potential damage caused by intentional or unintentional malicious behavior should be considered. However, the risks due to compromise of trusted actors cannot be eliminated without a significant redesign.
The project should be thoroughly documented, and the code for critical off-chain components (such as the executor) should be considered for an open-source release.