Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Valid

`processDeposit()` can cause a DoS if equityAfter is 0 and equityBefore > 0.

Summary

When minting the user's gvToken in ProcessDeposit.sol, if `equityAfter` is 0 and `equityBefore` is a positive number, the EVM reverts due to arithmetic underflow.

Vulnerability Details

The calculation for minting the user's gvToken (share token) after the user deposits into the vault is based on the equity value of the vault.

```solidity
function processDeposit(
    GMXTypes.Store storage self
) external {
    self.depositCache.healthParams.equityAfter = GMXReader.equityValue(self);
    self.depositCache.sharesToUser = GMXReader.valueToShares(
        self,
        //@audit if equityAfter is 0 this can cause evmRevert with arithmetic underflow
        self.depositCache.healthParams.equityAfter - self.depositCache.healthParams.equityBefore,
        self.depositCache.healthParams.equityBefore
    );
    GMXChecks.afterDepositChecks(self);
}
```

If we examine the equity value calculation, it is simply the difference between the GM token value and the total debt value. If the equity value is less than the debt, the function returns 0 to avoid underflow within the function.

```solidity
function equityValue(GMXTypes.Store storage self) public view returns (uint256) {
    (uint256 _tokenADebtAmt, uint256 _tokenBDebtAmt) = debtAmt(self);
    uint256 assetValue_ = assetValue(self); // total value of GM held by vault
    uint256 _debtValue = convertToUsdValue(self, address(self.tokenA), _tokenADebtAmt)
        + convertToUsdValue(self, address(self.tokenB), _tokenBDebtAmt); // debt taken from lending vault
    // in underflow condition return 0
    unchecked {
        if (assetValue_ < _debtValue) return 0; //@audit returns 0 if debt > equity
        return assetValue_ - _debtValue;
    }
}
```

After a deposit, if _debtValue is less than assetValue, then equityValue will return 0. This value is used in the processDeposit function, so 0 - equityBefore will always result in an underflow, causing a DoS of the system.

The severity of this issue depends on the GM token value and the debt value of the vault. If the debt stays greater for, say, 10 days, the vault will be unusable for those 10 days.

Impact

DoS of the system until assetValue > _debtValue.

Tools Used

Manual review

Recommendations

Do not allow the deposit if debt > equity until the rebalance has occurred.
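
The arithmetic described above, as an added example that is not Steadefi's code or part of the original submission: a stripped-down Solidity model of the clamped equity value, the checked subtraction that reverts, and a guarded variant. It goes slightly beyond the zero case, since the checked subtraction reverts for any `equityAfter` below `equityBefore`. The contract, function and error names are hypothetical, and the guard is one assumed way to implement the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Steadefi code. Contract, function and error names
// are hypothetical; values are plain USD amounts passed in by the caller.
contract EquityDeltaModel {
    error DepositsPaused(uint256 assetValue, uint256 debtValue);
    error EquityDecreased(uint256 equityBefore, uint256 equityAfter);

    // Same clamping as equityValue() on the page: 0 when debt exceeds assets.
    function equityValue(uint256 assetValue, uint256 debtValue) public pure returns (uint256) {
        unchecked {
            if (assetValue < debtValue) return 0;
            return assetValue - debtValue;
        }
    }

    // Same subtraction as processDeposit(): checked arithmetic, so any
    // equityAfter < equityBefore (including 0) reverts with Panic(0x11).
    function deltaAsOnPage(uint256 equityBefore, uint256 assetAfter, uint256 debtAfter)
        external pure returns (uint256)
    {
        return equityValue(assetAfter, debtAfter) - equityBefore;
    }

    // Entry check in the spirit of the recommendation: refuse new deposits
    // while the vault's assets do not exceed its debt.
    function requireDepositAllowed(uint256 assetValue, uint256 debtValue) public pure {
        if (assetValue <= debtValue) revert DepositsPaused(assetValue, debtValue);
    }

    // Guarded delta: compare before subtracting and fail with a named error
    // that callers and monitoring can distinguish from a generic panic.
    function deltaGuarded(uint256 equityBefore, uint256 assetAfter, uint256 debtAfter)
        external pure returns (uint256)
    {
        requireDepositAllowed(assetAfter, debtAfter);
        uint256 equityAfter = equityValue(assetAfter, debtAfter);
        if (equityAfter < equityBefore) revert EquityDecreased(equityBefore, equityAfter);
        return equityAfter - equityBefore;
    }
}
```

Calling `deltaAsOnPage(100, 50, 80)` reverts with the generic arithmetic panic, while `deltaGuarded(100, 50, 80)` reverts with `DepositsPaused(50, 80)`, which off-chain tooling can match on.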

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
0xanmol Submitter
almost 2 years ago
hans Auditor
almost 2 years ago
hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Revert on deposit if equityAfter is 0 and equityBefore > 0
