Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Inadequate collateral asset enablement check during redemption

tigerfrake

Summary

The current implementation of the redeem() function allows users to redeem collateral assets without verifying if those assets are still enabled. This oversight can lead to situations where users redeem assets that have been disabled after they initiated a withdrawal, undermining the protocol's integrity.

Vulnerability Details

In the initiateWithdrawal() function, there is a check to ensure that the collateral asset is enabled before allowing the user to initiate a withdrawal:

Vault.Data storage vault = Vault.loadLive(vaultId);
>> if (!vault.collateral.isEnabled) revert Errors.VaultDoesNotExist(vaultId);

However, during the redemption process in the redeem() function, this check is absent.

// fetch storage slot for vault by id
Vault.Data storage vault = Vault.loadLive(vaultId);
>> // @audit-info Missing asset enablement check

If the collateral asset is disabled between the initiation of the withdrawal and the redemption, users can still redeem these assets, which may no longer be operational.

Impact

Users may end up redeeming assets that are no longer supported, leading to potential financial losses if the assets have lost value or utility.

Tools Used

Manual Review

Recommendations

Add a check in the redeem() function to verify if the collateral asset is still enabled at the time of redemption.

// fetch storage slot for vault by id
Vault.Data storage vault = Vault.loadLive(vaultId);
+ if (!vault.collateral.isEnabled) revert Errors.VaultDoesNotExist(vaultId);
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`initiateSwap` allows users to initiate swap even when the vault is paused

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.