Uninitialized Storage Write in `configureConnectedVaults()` Causes Market Freeze
Bug Description:
The configureConnectedVaults() function is responsible for adding new vaults to a market's connectedVaults array, which stores a list of EnumerableSet.UintSet. However, the function incorrectly attempts to access and modify an unallocated storage slot when writing to connectedVaults[connectedVaults.length], as Solidity does not automatically create new array elements upon index access. This results in a write to an undefined memory slot, which either causes a storage corruption or a transaction revert, rendering the function unusable when no vaults are initially connected. If connectedVaults is empty, the function tries to execute:
Since connectedVaults.length refers to an index that does not yet exist, this call will fail due to an invalid memory reference. As a consequence, the market will never be able to establish a vault connection, blocking essential functionalities such as credit delegation, debt distribution, and auto-deleverage mechanisms.
Impact:
The inability to configure vault connections causes a complete market freeze, preventing vaults from delegating credit, receiving debt distributions, and participating in auto-deleveraging, thereby locking market liquidity and rendering the system inoperable.
Mitigation:
Properly initialize a new UintSet using Solidity’s push() before attempting to modify it:
Lead Judging Commences
`Market::configureConnectedVaults` Will Always Fail with Array Out of Bounds Error
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.