Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Invalid

Storage Array Edited with Memory, in CreditDelegationBranch.sol

Summary

In the function settleVaultsDebt, a storage reference is passed to a function that expects a memory parameter.

Vulnerability Details

vault.swapStrategy.usdcDexSwapPath and vault.swapStrategy.assetDexSwapPath are storage variables.

_convertAssetsToUsdc and _convertUsdcToAssets expect bytes memory path. If _convertAssetsToUsdc or _convertUsdcToAssets modify path, those changes are lost because they happen in memory, not in storage.

    ctx.usdcOut = _convertAssetsToUsdc( // @ audit
        vault.swapStrategy.usdcDexSwapStrategyId,
        ctx.vaultAsset,
        ctx.swapAmount,
        vault.swapStrategy.usdcDexSwapPath,
        address(this),
        ctx.usdc
    );
    ctx.assetOutAmount = _convertUsdcToAssets( // @ audit
        vault.swapStrategy.assetDexSwapStrategyId,
        ctx.vaultAsset,
        ctx.usdcIn,
        vault.swapStrategy.assetDexSwapPath,
        vault.indexToken,
        ctx.usdc
    );

Impact

Incorrect swap paths being used in future transactions.

  • Unintended behavior due to outdated or missing data.

  • Potential financial losses if swaps execute incorrectly.

Tools Used

Manual review

Recommendations

To fix the issue, consider changing the function parameter to storage.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
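
The Solidity behaviour this submission turns on, shown as an added example that is not part of the submission or of the Zaros codebase: a storage bytes value is copied into memory each time it is passed to a bytes memory parameter, so a callee that only reads the path always sees the current storage contents, and only a write inside the callee would stay on the copy. The contract name, function names and path value are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: SwapPathDemo and its helper functions are hypothetical.
contract SwapPathDemo {
    struct SwapStrategy {
        bytes usdcDexSwapPath;
    }

    SwapStrategy internal swapStrategy;

    constructor() {
        // Constructed sample path bytes, not a real DEX route.
        swapStrategy.usdcDexSwapPath = hex"aabbcc";
    }

    // bytes memory parameter: the caller's storage bytes are copied on every call.
    function _firstByte(bytes memory path) internal pure returns (bytes1) {
        return path[0];
    }

    // A write through a memory parameter changes the copy only.
    function _mutateCopy(bytes memory path) internal pure returns (bytes1) {
        path[0] = 0xff;
        return path[0];
    }

    // bytes storage parameter: the write goes to the caller's storage.
    function _mutateStorage(bytes storage path) internal {
        path[0] = 0xff;
    }

    // Read-only callee: receives a fresh copy of whatever storage holds now.
    function readThroughMemoryParam() external view returns (bytes1) {
        return _firstByte(swapStrategy.usdcDexSwapPath);
    }

    // Compare the byte seen inside the callee with the byte left in storage.
    function writeThroughMemoryParam() external view returns (bytes1 inCallee, bytes1 inStorage) {
        inCallee = _mutateCopy(swapStrategy.usdcDexSwapPath);
        inStorage = swapStrategy.usdcDexSwapPath[0];
    }

    // Same write through a storage reference, then re-read storage.
    function writeThroughStorageParam() external returns (bytes1) {
        _mutateStorage(swapStrategy.usdcDexSwapPath);
        return swapStrategy.usdcDexSwapPath[0];
    }
}
```

When reviewing a call site like the one quoted in the submission, the check is whether the callee writes to its path parameter and whether anything depends on that write persisting.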
