ncorrect Debt Distribution in `distributeDebtToVaults()` Can Cause Vaults to Receive Excess or Insufficient Debt
Bug Description:
The distributeDebtToVaults() function is responsible for distributing realized and unrealized debt to vaults based on their share of total delegated credit. However, the function incorrectly assumes that dividing newRealizedDebtUsdX18 and newUnrealizedDebtUsdX18 by totalVaultSharesX18 will always produce valid and accurate results:
The critical issue is that totalVaultSharesX18 (i.e., totalDelegatedCreditUsd converted to SD59x18) can be extremely small or even zero.
If
totalVaultSharesX18 == 0, this results in a division by zero, causing a revert and halting all market operations.If
totalVaultSharesX18is a very small number, butnewRealizedDebtUsdX18ornewUnrealizedDebtUsdX18is large, the division can create an extremely large debt-per-share value, leading to overflow when converting toint128.In scenarios where vault credit fluctuates rapidly, a single vault with minimal credit can receive an excessive amount of debt, potentially forcing liquidation when it shouldn't be necessary.
Impact:
If totalVaultSharesX18 == 0, debt distribution completely fails, preventing the market from functioning and halting all transactions. If totalVaultSharesX18 is too small, vaults may be incorrectly overburdened with debt, leading to wrongful liquidations and financial loss.
Mitigation:
Before dividing, ensure totalVaultSharesX18 is greater than a safe minimum threshold and revert gracefully if it's zero:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.