Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Users Guaranteed To Lose Base Fees When Initiating Swaps on Non-Live Vaults

0xdarko

Summary

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/35deb3e92b2a32cd304bf61d27e6071ef36e446d/src/market-making/branches/StabilityBranch.sol#L221C1-L223C38

In StabilityBranch.initiateSwap(), only collateral liveness is checked, while vault liveness is only checked during fulfillment. This allows users to initiate swaps on non-live vaults that will always fail, causing them to lose their base fees.

Vulnerability Details

When initiating a swap with StabilityBranch::initiateSwap it only checks if collateral is enabled:

initiateSwap(...) {
// Only checks collateral
Collateral.Data storage collateral = Collateral.load(ctx.initialVaultCollateralAsset);
collateral.verifyIsEnabled();
// No vault liveness check
}

But in StabilityBranch::fulfillSwap is where it checks that the vault is live:

fulfillSwap(...) {
// Requires live vault
Vault.Data storage vault = Vault.loadLive(ctx.vaultId);
}

Impact

  • Users can initiate swaps and are guranteed to have transactions that fail which in return makes them lose the base fees on swaps.

  • A poor UX as users can be set up for impossible transactions that will cost them some tokens

  • Protocol is taking fees for a service it cannot provide at this moment

Tools Used

Foundry

Recommendations

Add vault liveness check inside of StabilityBranch::initiateSwap:

function initiateSwap(...) {
- Vault.Data storage currentVault = Vault.load(vaultIds[0]);
+ Vault.Data storage currentVault = Vault.loadLive(vaultIds[0]);
....
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`initiateSwap` allows users to initiate swap even when the vault is paused

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.