
AuditOne Blog
Mitigating a Critical Leverage Update Vulnerability in LeverageX

LeverageX is a decentralized platform allowing users to open highly leveraged positions of up to 150x on multiple financial assets such as cryptocurrencies, stocks, and forex. Since the protocol is entirely run on smart contracts, it provides transparency and self-custody trading from users' wallets. The complex mechanics that provide these benefits also leave room for security flaws.

AuditOne recently performed a manual audit of LeverageX's smart contracts. We searched for weaknesses that would undermine the protocol's solvency, integrity, or users' funds. Among several high-severity findings, one stood out because of its systemic risk: a bug in the leverage update logic that could be abused to manipulate liquidation prices, putting the protocol at risk of insolvency.

The Key Risk: Updating Leverage Past Liquidation Thresholds

Precise liquidation logic is essential in high-leverage systems. The most important bug we found is in the updateLeverage() function in UpdateLeverageUtils.sol. Here is what happens behind the scenes:

  • A user opens a position with extremely low collateral but extremely high leverage.
  • When updateLeverage() is invoked, it calls _prepareValues(), which recalculates internal values such as the liquidation price (liqPrice).
  • With such a low collAmount, the internal method _getTradeLiquidationPrice() computes a collateralLiqNegativePnlInt that is less than the protocol's fees.
  • This makes the function return a liquidation value of 1, representing a triggered or invalid state of liquidation.
  • Critically, the return value is not checked; the update proceeds as if all is well.

This loophole allows the leverage to be updated even if the position is effectively shut down. An attacker can abuse it to create denial-of-service (DoS) states or financial instability in the system.

The Solution: A Simple, Effective Guard

The deficiency can be remediated by adding a validation check. This basic guard reverts the transaction, blocking any attempt to update leverage when the liquidation logic fails. It's a low-effort fix that has a big impact on ensuring protocol solvency.
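
A minimal sketch of such a guard, added here as an illustration and not taken from the LeverageX code base. Only updateLeverage, _prepareValues, _getTradeLiquidationPrice, collAmount, liqPrice and collateralLiqNegativePnlInt are names from this article; the Trade struct, the openTrade helper, the 90% loss threshold, the price formula and the precisions are assumptions made so the contract is self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not LeverageX source. The struct, formula, precisions,
// openTrade helper and error name are assumptions (see lead-in).
contract LeverageUpdateGuardExample {
    error InvalidLiquidationPrice(uint256 liqPrice);

    // Per the article, 1 is returned when liquidation is already triggered/invalid.
    uint256 internal constant LIQ_PRICE_SENTINEL = 1;

    struct Trade {
        uint256 collAmount; // collateral backing the position
        uint256 leverage;   // 1e3 precision: 150_000 = 150x (assumed)
        uint256 openPrice;  // entry price of a long position (assumed)
        uint256 feesOwed;   // fees charged against collateral (assumed)
        uint256 liqPrice;
    }

    mapping(address => Trade) public trades;

    // Hypothetical helper so the sketch can be exercised in a local test.
    function openTrade(uint256 collAmount, uint256 leverage, uint256 openPrice, uint256 feesOwed) external {
        trades[msg.sender] = Trade(collAmount, leverage, openPrice, feesOwed, 0);
    }

    function updateLeverage(uint256 newLeverage) external {
        Trade storage t = trades[msg.sender];
        uint256 newLiqPrice = _prepareValues(t, newLeverage);
        // Guard: revert when the liquidation calculation reports the sentinel.
        if (newLiqPrice <= LIQ_PRICE_SENTINEL) revert InvalidLiquidationPrice(newLiqPrice);
        t.leverage = newLeverage;
        t.liqPrice = newLiqPrice;
    }

    function _prepareValues(Trade storage t, uint256 newLeverage) internal view returns (uint256) {
        return _getTradeLiquidationPrice(t.openPrice, t.collAmount, newLeverage, t.feesOwed);
    }

    function _getTradeLiquidationPrice(uint256 openPrice, uint256 collAmount, uint256 leverage, uint256 fees)
        internal pure returns (uint256)
    {
        if (collAmount == 0 || leverage == 0) return LIQ_PRICE_SENTINEL;
        // Loss the collateral can absorb before liquidation (assumed 90% threshold).
        int256 collateralLiqNegativePnlInt = int256((collAmount * 90) / 100);
        if (collateralLiqNegativePnlInt < int256(fees)) return LIQ_PRICE_SENTINEL;
        uint256 lossBudget = uint256(collateralLiqNegativePnlInt) - fees;
        uint256 distance = (openPrice * lossBudget * 1e3) / (collAmount * leverage);
        return distance >= openPrice ? LIQ_PRICE_SENTINEL : openPrice - distance;
    }
}
```

In this sketch, a trade whose feesOwed exceeds 90% of collAmount makes _getTradeLiquidationPrice() return 1, and updateLeverage() reverts with InvalidLiquidationPrice instead of writing the new leverage to storage.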

Why This Bug Was Difficult to Catch

High-leverage platforms are brittle by nature: small precision errors or internal defects have massive downstream implications. Here, the coupling of leverage, collateral, and liquidation calculations created a hidden edge case. Because the system did not check the return value of getTradeLiquidationPrice(), a simple correctness check was missed.

Other Important Vulnerabilities Detected

Although the leverage update bug was the most critical, our audit also revealed a number of other high-impact bugs:

Manipulation of voting power through re-staking:

  • Users could stake, vote, unstake, then restake to vote a second time, essentially doubling their voting power. To fix this, LeverageX needed to implement a cooldown delay for unstaking and restaking operations and determine voting power by means of a distinct JavFreezer contract.

Missing Token Transfers in Vesting Logic:

  • The depositVesting() function accounted for token deposits but did not transfer tokens, leading to a discrepancy between protocol state and true balances. To resolve this issue, transfer the tokens with safeTransferFrom and ensure sufficient allowance.

Public Collateral Transfer Role:

  • The transferCollateralTo() function was publicly callable, allowing any party to withdraw user collateral. The best solution would be to change its visibility to internal and implement access controls.

Token Authorization Absent in Lending Provider Update:

  • In updateBorrowingProvider, tokens were not approved in a timely manner, which may disrupt stop-loss or liquidation flows. To fix this, approvals must be updated immediately when a provider changes.

Conclusion

This audit underscores the importance of edge case handling in leverage and liquidation logic. One unchecked return value can be enough to leave an otherwise sound protocol systemically vulnerable. LeverageX has been applying the suggested patches to fix the issues, adding yet another layer of safety and security to a decentralized trading protocol. Security isn't something one does once and then forgets; it's a continuous process. At AuditOne, we believe in helping Web3 protocols develop securely and strongly.

Ensure your platform remains secure and your users' trust unshaken—choose AuditOne to fortify your smart contracts and build a foundation of security and reliability.

Author
Daniel Francis
Senior Product Manager