Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Invalid

Storage Array Edited with Memory, in CreditDelegationBranch.sol

Summary

In the function settleVaultsDebt, a storage reference is passed to a function that expects a memory parameter.

Vulnerability Details

vault.swapStrategy.usdcDexSwapPath and vault.swapStrategy.assetDexSwapPath are storage variables.

_convertAssetsToUsdc and _convertUsdcToAssets expect bytes memory path. If _convertAssetsToUsdc or _convertUsdcToAssets modify path, those changes are lost because they happen in memory, not in storage.

ctx.usdcOut = _convertAssetsToUsdc( // @ audit
    vault.swapStrategy.usdcDexSwapStrategyId,
    ctx.vaultAsset,
    ctx.swapAmount,
    vault.swapStrategy.usdcDexSwapPath,
    address(this),
    ctx.usdc
);

ctx.assetOutAmount = _convertUsdcToAssets( // @ audit
    vault.swapStrategy.assetDexSwapStrategyId,
    ctx.vaultAsset,
    ctx.usdcIn,
    vault.swapStrategy.assetDexSwapPath,
    vault.indexToken,
    ctx.usdc
);

Impact

  • Incorrect swap paths being used in future transactions.

  • Unintended behavior due to outdated or missing data.

  • Potential financial losses if swaps execute incorrectly.

Tools Used

Manual review

Recommendations

To fix the issue, consider changing the function parameter to storage.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
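
The storage-versus-memory behaviour this submission turns on, as an added example that is not part of the submission or of the Zaros code base. PathDemo and every member of it are hypothetical names, and the byte string is a constructed sample value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. All names here are hypothetical, not Zaros code.
contract PathDemo {
    bytes public swapPath = hex"aabbcc"; // constructed sample value

    // `bytes memory` parameter: the callee receives its own copy of the bytes.
    function _readFirst(bytes memory path) internal pure returns (bytes1) {
        return path[0];
    }

    // Writing to a `bytes memory` parameter changes only that copy.
    function _overwriteMemory(bytes memory path) internal pure returns (bytes1) {
        path[0] = 0xff;
        return path[0];
    }

    // `bytes storage` parameter: the callee holds a reference to the state variable.
    function _overwriteStorage(bytes storage path) internal {
        path[0] = 0xff; // writes through to contract storage
    }

    // Passing a storage value where memory is expected copies it into memory.
    // A callee that only reads the path sees exactly what is stored.
    function readOnly() external view returns (bytes1) {
        return _readFirst(swapPath);
    }

    // The callee sees its modified copy; re-reading storage afterwards
    // returns the original first byte, so the write was not persisted.
    function writeViaMemory() external view returns (bytes1 seenByCallee, bytes1 stillStored) {
        seenByCallee = _overwriteMemory(swapPath);
        stillStored = swapPath[0];
    }

    // With a storage parameter the same write is persisted.
    function writeViaStorage() external returns (bytes1 nowStored) {
        _overwriteStorage(swapPath);
        nowStored = swapPath[0];
    }
}
```

The copy only loses data when the callee writes to its parameter; when reviewing a call like the ones quoted above, check whether the callee ever assigns to `path` before treating the memory parameter as a defect.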
