Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Valid

One market's weight is treated as the vault's total credit weight.

Summary

The weight assigned to a single market is meant to be considered relative to the total weight of the vault across all its connected markets. Each market has a specific weight that represents its share of the vault's total credit capacity. These individual market weights must be aggregated into the vault's overall weight so that the vault's total credit distribution across all connected markets is accurately reflected.

Vulnerability Details

The function recalculateVaultsCreditCapacity calculates the credit weight of the markets connected to a vault. Within it, updateVaultAndCreditDelegationWeight is called first to update the credit weight of each market and the total credit weight of the vault, as shown in the snippet below:

    for (uint256 i; i < connectedMarketsIdsCache.length; i++) {
        // load the credit delegation to the given market id
        CreditDelegation.Data storage creditDelegation =
            CreditDelegation.load(self.id, connectedMarkets.at(i).toUint128());
        // update the credit delegation weight
        creditDelegation.weight = newWeight;
    }
    // update the vault weight
    self.totalCreditDelegationWeight = newWeight; // @audit check here

The snippet above shows that every market is assigned the same weight, and that the total weight is set to that same value. With two or more markets, each market's weight therefore equals the total weight stored in state.

At the end of recalculateVaultsCreditCapacity, _updateCreditDelegations is called to calculate and update the credit delegations, as shown in the snippet below:

    // cache the latest credit delegation share of the vault's credit capacity
    uint128 totalCreditDelegationWeightCache = self.totalCreditDelegationWeight; // vault
    if (totalCreditDelegationWeightCache != 0) {
        // get the latest credit delegation share of the vault's credit capacity
        UD60x18 creditDelegationShareX18 =
            ud60x18(creditDelegation.weight).div(ud60x18(totalCreditDelegationWeightCache));

The snippet above uses two variables, totalCreditDelegationWeightCache and creditDelegation.weight, which hold the same value because both were just assigned in updateVaultAndCreditDelegationWeight, so the division always yields 1.

Simulated Flaw Calculation

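| Market ID | Assigned Weight | Incorrect Total Weight | Incorrect Proportion |
|-----------|-----------------|------------------------|----------------------|
| Market 1  | 50              | 50                     | 50 / 50 = 100%       |
| Market 2  | 50              | 50                     | 50 / 50 = 100%       |
| Market 3  | 50              | 50                     | 50 / 50 = 100%       |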

Simulated Correct Calculation

| Market ID | Assigned Weight | Expected Proportion |
|-----------|-----------------|---------------------|
| Market 1  | 50              | 50 / 150 = 33.3%    |
| Market 2  | 50              | 50 / 150 = 33.3%    |
| Market 3  | 50              | 50 / 150 = 33.3%    |

Impact

Every connected market receives the same weight (newWeight).
The totalCreditDelegationWeight is also set to newWeight, meaning that if multiple markets exist, their combined weight should be summed up but isn't.

Tools Used

Manual View

Recommendations

Add an assertion or revert:

    require(totalCreditDelegationWeightCache > creditDelegation.weight, "Invalid weight assignment");

Change the code in the updateVaultAndCreditDelegationWeight function:

    uint128 totalWeight = 0;
    for (uint256 i; i < connectedMarketsIdsCache.length; i++) {
        // Load credit delegation
        CreditDelegation.Data storage creditDelegation =
            CreditDelegation.load(self.id, connectedMarkets.at(i).toUint128());
        // Update individual market weight
        creditDelegation.weight = newWeight;
        // Accumulate total weight properly
        totalWeight += newWeight; // @audit check here
    }
    // Correctly update the total vault weight
    self.totalCreditDelegationWeight = totalWeight;
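
The two assignments above can be compared side by side in a simplified model. This is an added example, not code from the Zaros repository or from the submission: the contract name WeightModel and its functions are hypothetical, and plain 1e18 fixed-point arithmetic stands in for UD60x18. The invariant to check is that totalShares() never exceeds 1e18 (100%), which the reported assignment breaks as soon as a vault has two or more connected markets.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified, hypothetical model of the vault weight accounting in the finding.
contract WeightModel {
    uint256 internal constant UNIT = 1e18; // stands in for UD60x18's 1.0

    uint128[] public marketWeights; // one entry per connected market
    uint128 public totalCreditDelegationWeight;

    constructor(uint256 marketCount) {
        for (uint256 i; i < marketCount; i++) {
            marketWeights.push(0);
        }
    }

    /// Behaviour described in the finding: the total is overwritten with newWeight.
    function setWeightsAsReported(uint128 newWeight) external {
        for (uint256 i; i < marketWeights.length; i++) {
            marketWeights[i] = newWeight;
        }
        totalCreditDelegationWeight = newWeight;
    }

    /// Recommended behaviour: the total is the sum of the per-market weights.
    function setWeightsSummed(uint128 newWeight) external {
        uint128 totalWeight = 0;
        for (uint256 i; i < marketWeights.length; i++) {
            marketWeights[i] = newWeight;
            totalWeight += newWeight;
        }
        totalCreditDelegationWeight = totalWeight;
    }

    /// One market's share of the vault's credit capacity, scaled by 1e18.
    function shareOf(uint256 i) public view returns (uint256) {
        if (totalCreditDelegationWeight == 0) return 0;
        return uint256(marketWeights[i]) * UNIT / totalCreditDelegationWeight;
    }

    /// Sum of all market shares; correct accounting keeps this at or below 1e18.
    function totalShares() external view returns (uint256 sum) {
        for (uint256 i; i < marketWeights.length; i++) {
            sum += shareOf(i);
        }
    }
}
```
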
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Market Credit Delegation Weights Are Incorrectly Distributed
