Submission Details
Severity:
Incorrect Use of Variable
## Summary
Incorrect use of variable in `else` block of `CreditDelegationBranch::settleVaultsDebt`.
## Vulnerability Details
In `else` block of `CreditDelegationBranch::settleVaultsDebt`, when vault is in credit the vault's usdc balance are swapped
to more vault assets the function `_convertUsdcToAssets` in the block. However, `ctx.vaultAsset` is used as the asset to be
swapped in this function instead of `ctx.usdc`(The USDC to be swapped for vault asset).
The internal function `CreditDelegationBranch::_convertUsdcToAssets` defined in the contract takes the following parameters:
1. `uint128 dexSwapStrategyId`,
2. `address asset`, (The asset to be swapped)
3. `uint256 usdcAmount`,
4. `bytes memory path`,
5. `address recipient`,
6. `address usdc`
## Impact
The contract has more USDC asset compare to the vault asset (the vault asset becomes zero).
## Recommendations
Replace the varable `ctx.vaultAsset` with `ctx.usdc` because `ctx.usdc` is suppose to be swapped not `ctx.vaultAsset`
```diff
ctx.assetOutAmount = _convertUsdcToAssets(
vault.swapStrategy.assetDexSwapStrategyId,
- ctx.vaultAsset,
+ ctx.usdc,
ctx.usdcIn,
vault.swapStrategy.assetDexSwapPath,
vault.indexToken,
ctx.usdc
);
```
Prize pool breakdown
Total prize
70,000 USDC
nSLOC
3,25821 USDC / LOC
66,500
3,500
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.