The settleCreditDeposit() function is responsible for removing a settled asset from creditDeposits and distributing the received USDC to vaults based on their delegated credit share. However, the function assumes that totalDelegatedCreditUsd is always nonzero, leading to a potential division by zero when calculating addedUsdcPerCreditShareX18.
Key issues:
If totalDelegatedCreditUsd == 0, this results in a division by zero, causing a transaction revert.
This can happen if all vaults have withdrawn their delegated credit before the function executes.
The market may become unable to distribute credit settlements, leading to frozen liquidity.
If totalDelegatedCreditUsd is very small, rounding errors may result in vaults receiving disproportionate or zero USDC credit.
A vault with a minuscule amount of delegated credit could receive an abnormally high USDC credit share, leading to unfair distributions.
Conversely, rounding issues could cause vaults to receive zero USDC credit despite deposits.
A division by zero causes a full contract failure, preventing further settlements. Even if it does not revert, incorrect credit distribution leads to unfair allocation of USDC, allowing vaults to manipulate credit delegation timing to receive disproportionate rewards.
Before performing the division, ensure that totalDelegatedCreditUsd is nonzero, and set a minimum floor value to prevent extreme imbalances.
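A sketch of that guard in Solidity, added here as an illustration and not taken from the audited code. The floor value, the error name, the plain uint256 fixed-point math and the undistributedUsdcX18 bucket are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. Only settleCreditDeposit,
// totalDelegatedCreditUsd and addedUsdcPerCreditShareX18 come from the finding;
// every other name and the floor value are assumptions.
abstract contract CreditSettlementSketch {
    uint256 internal constant UNIT = 1e18; // 18-decimal fixed point

    // Assumed floor of 1 USD of delegated credit; the finding gives no figure.
    uint256 internal constant MIN_DELEGATED_CREDIT_USD = 1e18;

    uint256 internal totalDelegatedCreditUsd;     // X18
    uint256 internal usdcCreditPerCreditShareX18; // running accumulator, X18
    uint256 internal undistributedUsdcX18;        // USDC not credited to any vault

    error NoDelegatedCredit();

    function settleCreditDeposit(uint256 netUsdcReceivedX18) internal {
        uint256 total = totalDelegatedCreditUsd;

        // Explicit check: fail with a named error instead of a division-by-zero panic.
        if (total == 0) revert NoDelegatedCredit();

        // Clamp the divisor so a dust-sized total cannot inflate the per-share value.
        uint256 divisor = total < MIN_DELEGATED_CREDIT_USD ? MIN_DELEGATED_CREDIT_USD : total;

        uint256 addedUsdcPerCreditShareX18 = (netUsdcReceivedX18 * UNIT) / divisor;
        usdcCreditPerCreditShareX18 += addedUsdcPerCreditShareX18;

        // Whatever the clamp and integer rounding left unassigned is tracked, not lost.
        // creditedX18 <= netUsdcReceivedX18 always holds because total <= divisor.
        uint256 creditedX18 = (addedUsdcPerCreditShareX18 * total) / UNIT;
        undistributedUsdcX18 += netUsdcReceivedX18 - creditedX18;
    }
}
```

Reverting on a zero total still blocks settlement until credit is delegated again; holding the received USDC in the undistributed bucket in that case is an alternative design.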