The debt calculation depends on the order of the vaults
Summary
The current implementation of recalculateVaultsCreditCapacity iterates through all vaults of a market to calculate their respective debt shares. However, the totalDelegatedCreditUsd value, which is used in these calculations, gets updated at the end of each iteration. This results in subsequent vaults using an altered totalDelegatedCreditUsd value, leading to inconsistencies in debt distribution.
Vulnerability Details
Consider the following scenario:
Market A contains 5 Vaults.
Initially,
totalDelegatedCreditUsdfor Market A is 100.After processing the first vault,
totalDelegatedCreditUsdis updated (e.g., increasing by 5).The next vault's
getVaultAccumulatedValuesfunction now computes its share based on this new, alteredtotalDelegatedCreditUsdvalue, leading to incorrect calculations.This process repeats for the remaining vaults, compounding the inconsistency across all vaults in the market.
Impact
Inconsistent and incorrect debt share calculations among vaults.
Potential financial imbalances due to inaccurate credit capacity distribution.
Possible exploitation opportunities if an attacker can manipulate the vault processing order.
Tools Used
Manual code review
Recommendations
Compute and store the initial
totalDelegatedCreditUsdvalue before iterating through the vaults.Ensure each vault's debt share is calculated using a consistent reference value instead of an evolving one.
Consider implementing a temporary snapshot of
totalDelegatedCreditUsdat the beginning of the iteration cycle to avoid mid-cycle alterations.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.