IllIllI - Global position-fee-related state not updated until _after_ liquidation checks are done

[sherlock-admin]

IllIllI

medium

Global position-fee-related state not updated until after liquidation checks are done

Summary

Global position-fee-related state not updated until after liquidation checks are done

Vulnerability Detail

Checking whether a position is liquidatable occurs before the global state is updated.

Impact

A position that should be liquidated in the current block, won't be liquidated until the next block, when the correct fee multipliers/factors are applied. A delayed liquidation means that a position that should have been liquidated will not be, likely causing a larger loss than should have been incurred.

Code Snippet

State is updated after the liquidation checks:

// File: gmx-synthetics/contracts/position/DecreasePositionUtils.sol : DecreasePositionUtils.decreasePosition()   #1

162 @>         if (BaseOrderUtils.isLiquidationOrder(params.order.orderType()) && !PositionUtils.isPositionLiquidatable(
163                params.contracts.dataStore,
164                params.contracts.referralStorage,
165                params.position,
166                params.market,
167                cache.prices,
168                true
169            )) {
170                revert PositionShouldNotBeLiquidated();
171            }
172    
173:@>         PositionUtils.updateFundingAndBorrowingState(params, cache.prices);

https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/position/DecreasePositionUtils.sol#L152-L179

Tool used

Manual Review

Recommendation

Call PositionUtils.updateFundingAndBorrowingState() before all checks

[xvi10]

Fix in gmx-io/gmx-synthetics@0821228