Part 2

Summary

The settleVaultsDebt function does not enforce that totalSettledDebt remains non-decreasing when processing vaults. This allows for scenarios where debt is incorrectly reduced, leading to inaccurate accounting of settled debt. This bug manifests in the CreditDelegationBranch.sol contract, specifically in the settleVaultsDebt function.The settleVaultsDebt function does not enforce that totalSettledDebt remains non-decreasing when processing vaults. This allows for scenarios where debt is incorrectly reduced, leading to inaccurate accounting of settled debt. The bug manifests in the CreditDelegationBranch.sol contract, specifically in the settleVaultsDebt function.

Vulnerability Detail

/CreditDelegationBranch.sol/settleVaultsDebt[/CreditDelegationBranch.sol/settleVaultsDebt](https://github.com/Cyfrin/2025-01-zaros-part-2/blob/35deb3e92b2a32cd304bf61d27e6071ef36e446d/src/market-making/branches/CreditDelegationBranch.sol#L408-L523)

The settleVaultsDebt function in CreditDelegationBranch.sol does not enforce that totalSettledDebt remains non-decreasing when processing vaults. This allows for scenarios where debt is incorrectly reduced, leading to inaccurate accounting of settled debt.

How it Happens

1. Action: Calls settleVaultsDebt with vaultIds = [0].

2. Execution: The function processes the vault but incorrectly decreases totalSettledDebt from 0 to -1.

3. Violation: The totalSettledDebt >= initialDebt fails, as debt decreases instead of remaining constant or increasing.

• Pre-Settlement:

  • initialDebt = 0

  • totalSettledDebt = 0

• Post-Settlement:

  • totalSettledDebt = -1 (expected totalSettledDebt >= 0)

Impact

The system may incorrectly report settled debt, leading to financial discrepancies.

Tools Used

Vs

Recommendations

Add a check in the settleVaultsDebt function to ensure totalSettledDebt does not decrease after processing each vault