Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Invalid

Swapping wrong amount of USDC for underlying asset amount in settleVaultsDebt function

Vulnerability Details

In CreditDelegationBranch::settleVaultsDebt, when the vault is in credit, meaning when ctx.vaultUnsettledRealizedDebtUsdX18 is greater than zero, we swap USDC for the vault's underlying asset. Before swapping, we calculate ctx.usdcIn (the amount of USDC that needs to be swapped) using CreditDelegationBranch::calculateSwapAmount; this is where the bug lies. The calculateSwapAmount function's 4th parameter expects the amount in tokenIn decimal precision, but as you can see here, we are passing in the vaultUnsettledDebtUsdAbs value in USDC's native decimal precision.

Impact

If the vault's underlying asset has more decimals than USDC (like WETH, which has 18 decimals while USDC has 6), we will end up passing a bigger vaultUnsettledDebtUsdAbs to the calculateSwapAmount function, and this function will obviously return the wrong amount of ctx.usdcIn.
Depending on the amount of available USDC, we will over- or underutilise it and will swap the wrong amount.

Tools Used

Manual Review

Recommendations

Convert vaultUnsettledDebtUsdAbs to the vault's underlying asset's native decimal precision.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
