`recalculateVaultsCreditCapacity` will revert when vault has lower creditCapacity than the previous one
Summary
During the recalculateVaultsCreditCapacity in one of the underlying function _updateCreditDelegations, this function will iterate through all of the markets for the current vault. If the previousCreditDelegationUsdX18 was higher than the current one, logic will revert.
Vulnerability Details
Let's have the following situation:
We have 1 Market and this market has only vault, also the vault is connected just to this one.
Let's have for the
previousCreditDelegationUsdX18= 80 and for the currentnewCreditDelegationUsdX18= 70, because for example user withdrawn some of the funds or there is the drop of the price of the asset.The above values will revert due to 70 - 80 = -10, but the value holders are using UD60x18, which is the unassigned value.
Impact
The current implementation of the _updateCreditDelegations function can lead to unexpected reverts when the newCreditDelegationUsdX18 is less than the previousCreditDelegationUsdX18. This occurs because the function uses UD60x18 (unsigned decimal) for calculations, which cannot handle negative values. This will make the vault and respectively the market unusable, until the newCreditDelegationUsdX18 is less than the previousCreditDelegationUsdX18.
Tools Used
Manual review
Recommendations
Consider changing the logic to use SD59x18:
Lead Judging Commences
Vault::_updateCreditDelegations uses unsigned UD60x18 for credit delegation delta calculation which will underflow on any decrease in credit delegation amount
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.