Asset Balance Increase During Conversion
Summary
Asset conversion logic fails to ensure that the asset balance does not increase, leading to incorrect accounting and potential financial discrepancies.
Vulnerability Details
/CreditDelegationBranch.sol/convertMarketsCreditDepositsToUsdc
The convertMarketsCreditDepositsToUsdc function in CreditDelegationBranch.sol lacks a balance check to ensure that the asset balance does not increase after conversion. This allows a strategy to manipulate the asset balance, leading to incorrect accounting and potential financial discrepancies. The absence of this check violates the rule validateAssetConversion, which explicitly requires the asset balance to remain unchanged or decrease.
How it Happens
A system keeper calls
convertMarketsCreditDepositsToUsdcwith a strategy that allows the asset balance to increase.The function processes the conversion without enforcing a balance check.
Variables
-
Pre-Conversion:
initialBalance = 100assetBalances[assets[0]] = 100
-
Post-Conversion:
assetBalances[assets[0]] = 150(expected to remain<= 100)
Impact
The asset balance increase could lead to incorrect accounting, affecting the protocol's financial stability.
The system's state tracking becomes unreliable, leading to inconsistencies in refund processing.
Tools Used
vs
Recommendations
Add a balance check in the convertMarketsCreditDepositsToUsdc function to ensure the asset balance does not increase:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.