# #47380 \[SC-Insight] Incorrect token\_assets\_value in AccountLiquidated Event

**Submitted on Jun 13th 2025 at 06:49:47 UTC by @Catchme for** [**IOP | Paradex**](https://immunefi.com/audit-competition/iop-paradex)

* **Report ID:** #47380
* **Report Type:** Smart Contract
* **Report severity:** Insight
* **Target:** <https://github.com/tradeparadex/audit-competition-may-2025/tree/main/registry>
* **Impacts:**
  * Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
  * Contract fails to deliver promised returns, but doesn't lose value

## Description

## Brief/Intro

The `account_liquidate()` function in the `account_component.cairo` file contains a flaw where the `token_assets_value` field in the emitted `AccountLiquidated` event is incorrectly set to the **liquidator’s** initial token balance rather than any value related to the **liquidated account**. This misrepresentation undermines the integrity of on-chain event data and misleads off-chain consumers such as analytics tools, dashboards, and auditors.

## Vulnerability Details

In the `account_liquidate()` function, the protocol emits an `AccountLiquidated` event after transferring a share of the liquidated account’s positions and collateral. However, the `token_assets_value` field is populated using the liquidator's **pre-liquidation** balance, which is not relevant to the liquidation outcome and contradicts the field’s intended meaning.

The event documentation clearly states that `token_assets_value` refers to "The total value of token assets in the account" (i.e., the **liquidated account**). Logging the liquidator’s balance at this field is logically incorrect, misleading, and potentially harmful for off-chain systems relying on accurate data.

```rust
let initial_liquidator_token_balance = self
    .token
    .get_asset_balance_or_empty(liquidator, settlement_token_asset);

...

self.emit(
    AccountComponent::Event::AccountLiquidated(
        AccountLiquidated {
            account: account,
            liquidator: liquidator,
            token_assets_value: initial_liquidator_token_balance.amount,  // ← Incorrect source
            margin_requirement: margin_requirement.into(),
            unrealized_pnl: total_unrealized_pnl.into(),
            liquidation_penalty: liq_penalty,
            liquidation_share: liquidation_share_d.try_into().unwrap(),
            is_partial_liquidation: (!full_liquidation).into(),
            oracle_snapshot_id: oracle_snapshot_id,
        },
    ),
);
```

## Impact Details

Off-chain systems monitoring liquidation value per account will retrieve incorrect data.

## Proof of Concept

## Proof of Concept

This is no need POC


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/iop-paradex/47380-sc-insight-incorrect-token_assets_value-in-accountliquidated-event.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.