Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Potential failure during vault debt settlement due to insufficient asset coverage

tigerfrake

Summary

The settleVaultsDebt() function in the vault management system attempts to swap the vault's assets for USDC to cover any unsettled debt. However, there is a risk that the calculated swap amount may exceed the actual available assets in the vault, leading to potential transaction failures as this is not handled gracefully.

Vulnerability Details

In the current implementation, the function calculates the amount of assets to swap using the calculateSwapAmount() function. This calculated swapAmount is then used in the _convertAssetsToUsdc() function to approve and execute the swap.

// @audit-info calculates the amount of assets to swap

>. ctx.swapAmount = calculateSwapAmount(

dexSwapStrategy.dexAdapter,

ctx.usdc,

ctx.vaultAsset,

usdcCollateralConfig.convertSd59x18ToTokenAmount(ctx.vaultUnsettledRealizedDebtUsdX18.abs())

);

// @audit-info Attempt to convert assets to USDC directly

>> ctx.usdcOut = _convertAssetsToUsdc(

vault.swapStrategy.usdcDexSwapStrategyId,

ctx.vaultAsset,

ctx.swapAmount,

vault.swapStrategy.usdcDexSwapPath,

address(this),

ctx.usdc

);

Notice that within the _convertAssetsToUsdc(), the dexAdapter is approved to spend the swapAmount calculated above:

// approve the asset to be spent by the dex adapter contract

DexSwapStrategy.Data storage dexSwapStrategy = DexSwapStrategy.loadExisting(dexSwapStrategyId);

>> IERC20(asset).approve(dexSwapStrategy.dexAdapter, assetAmount);

If the swapAmount exceeds the vault's available assets, the approval will fail when the dexAdapter attempts to pull this amount, resulting in a transaction failure.

Impact

If the calculated swapAmount exceeds the available assets in the vault, the transaction will fail. This could lead to a situation where the vault remains in debt, as the intended asset conversion to cover the debt would not occur.

Tools Used

Manual Review

Recommendations

Implement a mechanism to use the available assets amount if it cannot fully clear the debt.

ctx.swapAmount = calculateSwapAmount(

dexSwapStrategy.dexAdapter,

ctx.usdc,

ctx.vaultAsset,

usdcCollateralConfig.convertSd59x18ToTokenAmount(ctx.vaultUnsettledRealizedDebtUsdX18.abs())

);

// @audit Adjust to available amount

+ if (ctx.swapAmount > IERC20(ctx.vaultAsset).balanceOf(vault.indexToken)) {

+ ctx.swapAmount = IERC20(ctx.vaultAsset).balanceOf(vault.indexToken);

+ }

// @audit Proceed to convert assets to USDC

ctx.usdcOut = _convertAssetsToUsdc(

vault.swapStrategy.usdcDexSwapStrategyId,

ctx.vaultAsset,

ctx.swapAmount,

vault.swapStrategy.usdcDexSwapPath,

address(this),

ctx.usdc

);

Updates

Lead Judging Commences

inallhonesty Lead Judge

6 months ago

inallhonesty Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.