Part 2

Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Submission Details
Severity: medium
Invalid

Unchecked EnumerableSet Access in `_recalculateConnectedMarketsState()` Can Cause Reverts

The _recalculateConnectedMarketsState() function retrieves market IDs from an EnumerableSet.UintSet without verifying whether the index exists, leading to potential out-of-bounds access and contract reverts. Specifically, the following code assumes connectedMarkets.at(i) will always return a valid value:

rehydratedConnectedMarketsIdsCache[i] = connectedMarkets.at(i).toUint128();

However, if connectedMarkets is modified between iterations such as during vault updates, the stored connectedMarketsIdsCache may become stale, causing at(i) to revert when accessing an index that no longer exists. Since this function is used in recalculateVaultsCreditCapacity(), which updates vault credit delegation, a single market modification can lead to system-wide failures in vault recalculations.

Impact:

A vault recalculation operation can unexpectedly revert, preventing critical updates to vault credit capacity and leading to blocked credit delegation operations across the protocol.

Mitigation:

Before accessing connectedMarkets.at(i), explicitly check that i < connectedMarkets.length() to prevent out-of-bounds access errors.

Updates

Lead Judging Commences

inallhonesty Lead Judge
5 months ago
inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.