Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Valid

Vault's credit capacity is not updated during usd token swap

Summary

The vault's credit capacity is not updated during any usd-token-swap-related activity, including getting the estimated asset out, initiating a swap, fulfilling a swap and so on. This will result in user fund loss and protocol fund loss.

Vulnerability Details

The vault's credit capacity (or the vault's debt) affects the usd token swap rate. However, the protocol doesn't use the updated vault credit capacity and total debt when estimating the swap result, initiating a swap or fulfilling a swap.

Is it because the protocol always updates the vault's credit capacity (i.e. calls Vault.recalculateVaultsCreditCapacity) beforehand? The answer is no. For example:

All of the above actions greatly affect the market's and its connected vaults' credit capacity and total debt, but the status is not updated afterwards.

Then, can this inconsistency be mitigated by external users calling updateMarketCreditDelegations manually?

The answer is no again, because the usd token swap is performed by Chainlink's upkeeper. It will be difficult for external users to call this function just before the swap happens.

Impact

The usd-token-to-asset swap rate depends on the premium discount factor, and the premium discount factor depends on the LTV of the vault. Thus, performing swap operations on obsolete values will cause the protocol to malfunction and lose funds.

  • If the user gets more assets than deserved as a result of the usd-asset swap, it is the protocol's and LP's fund loss

  • If the user receives fewer assets than deserved, it's the user's fund loss

  • If the user chose swap parameters from getAmountOfAssetOut and getFeesForAssetsAmountOut, which used obsolete values, and this caused the swap to fail, then it's both the user's fund loss (the user has to pay an unwanted protocol fee) and a degraded user experience.

Tools Used

Manual Review

Recommendations

Update the vault's credit capacity before doing any usd token swap action.
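
The stale-snapshot pattern and the recommended ordering, as an added example that is not Zaros code or part of the original submission. The contract, every function name in it, and the linear discount curve are hypothetical stand-ins chosen to make the effect visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model, not Zaros code: all names and the discount curve are hypothetical.
contract ToyVaultSwap {
    uint256 internal constant WAD = 1e18;
    uint256 public assetsUsd;     // value of vault collateral, 18 decimals
    uint256 public debtUsd;       // live vault debt, 18 decimals
    uint256 public cachedDebtUsd; // snapshot that the swap path reads

    constructor(uint256 assets_, uint256 debt_) {
        require(assets_ > 0, "no assets");
        assetsUsd = assets_;
        debtUsd = debt_;
        cachedDebtUsd = debt_;
    }

    /// Stand-in for market activity that moves debt without refreshing the snapshot.
    function accrueDebt(uint256 amount) external {
        debtUsd += amount;
    }

    /// Stand-in for the recalculation step the finding asks for.
    function recalculate() public {
        cachedDebtUsd = debtUsd;
    }

    /// Constructed curve: discount grows linearly with debt/assets, capped at 50%.
    function _quote(uint256 usdIn, uint256 debt) internal view returns (uint256) {
        uint256 ratio = (debt * WAD) / assetsUsd;
        uint256 discount = ratio > WAD / 2 ? WAD / 2 : ratio;
        return (usdIn * (WAD - discount)) / WAD;
    }

    /// Before: prices against whatever the snapshot last held.
    function quoteStale(uint256 usdIn) external view returns (uint256) {
        return _quote(usdIn, cachedDebtUsd);
    }

    /// After: refresh first, then price. The same ordering applies to
    /// the initiate and fulfil steps, not only to the quote.
    function swapFresh(uint256 usdIn) external returns (uint256) {
        recalculate();
        return _quote(usdIn, cachedDebtUsd);
    }
}
```

In this model, once `accrueDebt` has raised the live debt, `quoteStale` still prices against the old snapshot and can return more for the same input than `swapFresh` does, which corresponds to the first impact case above.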

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

initiateSwap should call `recalculateVaultsCreditCapacity`

fulfillSwap should call recalculateVaultsCreditCapacity
