Submission Details
Severity:
Missing check for invalid vaults
## Summary
Missing check for invalid vaults to be connected to a market in
`MarketMakingEngineConfigurationBranch::connectVaultsAndMarkets`
## Vulnerability Details
The function `MarketMakingEngineConfigurationBranch::connectVaultsAndMarkets` is respomsible for connected vaults to markets.
However, the function lacks if an non-existing(vault.id of zero) is included in the array.
## Impact
Connection of an empty vault to a live market.
## Recommendations
Use `loadExisting()` instead of `load` when looping through `vaultIds` arrays in
`MarketMakingEngineConfigurationBranch::connectVaultsAndMarkets`.
```diff
function connectVaultsAndMarkets(uint256[] calldata marketIds, uint256[] calldata vaultIds) external onlyOwner {
// revert if no marketIds are provided
if (marketIds.length == 0) {
revert Errors.ZeroInput("connectedMarketIds");
}
// revert if no vaultIds are provided
if (vaultIds.length == 0) {
revert Errors.ZeroInput("connectedVaultIds");
}
// define array that will contain a single vault id to recalculate credit for
uint256[] memory vaultIdToRecalculate = new uint256[](1);
// iterate over vault ids
for (uint128 i; i < vaultIds.length; i++) {
// if vault has connected markets
- if (Vault.load(vaultIds[i].toUint128()).connectedMarkets.length > 0) {
+ if (Vault.loadExisting(vaultIds[i].toUint128()).connectedMarkets.length > 0) {
// cache vault id
vaultIdToRecalculate[0] = vaultIds[i];
// recalculate the credit capacity of the vault
Vault.recalculateVaultsCreditCapacity(vaultIdToRecalculate); // This is calculating the capacity of each vault.
}
}
```
Updates
Prize pool breakdown
Total prize
70,000 USDC
nSLOC
3,25821 USDC / LOC
66,500
3,500
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.