Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Invalid

Missing check for required amount

Summary

There is no check that the vault holds at least the required amount of assets (`ctx.swapAmount`) before the assets are converted to USDC.

Vulnerability Details

When the `if` branch in `CreditDelegationBranch::settleVaultsDebt` executes, it calls the internal function `CreditDelegationBranch::_convertAssetsToUsdc` to convert assets to USDC. However, nothing checks that the vault assets present are at least the amount to be swapped (`ctx.swapAmount`).

```solidity
ctx.usdcOut = _convertAssetsToUsdc(
    vault.swapStrategy.usdcDexSwapStrategyId,
    ctx.vaultAsset,
    ctx.swapAmount,
    vault.swapStrategy.usdcDexSwapPath,
    address(this),
    ctx.usdc
);
```

For example:

If there are 30 units of assets in the vault and the required amount (`ctx.swapAmount`) is 50 units of vault asset

Impact

This can lead to unintended behaviors.

Recommendations

Enforce a check before the conversion to ensure the vault has enough assets for the swap.

```diff
+ error NotEnoughAssets();
.
.
.
if (ctx.vaultUnsettledRealizedDebtUsdX18.lt(SD59x18_ZERO)) {
// get swap amount; both input and output in native precision
ctx.swapAmount = calculateSwapAmount(
dexSwapStrategy.dexAdapter,
ctx.usdc,
ctx.vaultAsset,
usdcCollateralConfig.convertSd59x18ToTokenAmount(ctx.vaultUnsettledRealizedDebtUsdX18.abs())
);
+ if(ctx.vaultAsset.totalAssets() < ctx.swapAmount) {
+ revert NotEnoughAssets();
+ }
ctx.usdcOut = _convertAssetsToUsdc(
vault.swapStrategy.usdcDexSwapStrategyId,
ctx.vaultAsset,
ctx.swapAmount,
vault.swapStrategy.usdcDexSwapPath,
address(this),
ctx.usdc
);
```
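
Review bot: the added guard `if(ctx.vaultAsset.totalAssets() < ctx.swapAmount)` calls `totalAssets()` on `ctx.vaultAsset`, but the surrounding lines pass `ctx.vaultAsset` alongside `ctx.usdc` as the asset being swapped, so it appears to be the asset rather than a vault, and nothing visible here shows that it exposes `totalAssets()`. Confirm its type, and compare `ctx.swapAmount` against the quantity of that asset actually available for the swap. Consider giving `NotEnoughAssets` the available and required amounts as parameters so a revert can be diagnosed. The snippet also elides where the error is declared and does not show the closing brace of the outer `if`.
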
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
