CreditDelegationBranch::depositCreditForMarket cannot update market realized debt properly
Summary
The function CreditDelegationBranch::depositCreditForMarket calls market.settleCreditDeposit, which modifies realizedDebtUsdPerVaultShare. However, if CreditDelegationBranch::updateMarketCreditDelegations is called immediately after, it resets realizedDebtUsdPerVaultShare to its previous value, effectively undoing the changes made by settleCreditDeposit.
Vulnerability Details
When engine calls depositCreditForMarket to deposit USDC, settleCreditDeposit is called with address zero. So no asset from creditDeposits is removed in market storage. The settleCreditDeposit just updates the usdc amount and realized debt per vault share. But if immediately someone calls updateMarketCreditDelegations, it will update the realizedDebtUsdPerVaultShare to previous value.
call stack:
updateMarketCreditDelegations -> Vault::recalculateVaultsCreditCapacity -> _recalculateConnectedMarketsState
The _recalculateConnectedMarketsState calls Market::getRealizedDebtUsd to get all realized debt. This function returns all the added value of credit deposits in USD. _recalculateConnectedMarketsState will then call distributeDebtToVaults to update the realizedDebtUsdPerVaultShare.
Since when calling settleCreditDeposit, address zero is passed, no credit address is removed. So getRealizedDebtUsd will return the same value even after credit is settled. As a result realizedDebtUsdPerVaultShare will go back to previous value.
Impact
Markets will continue showing higher realized debt than they should.
If
updateMarketCreditDelegations()is called immediately, the debt settlement is erased
Lead Judging Commences
depositCreditForMarket cannot update market realized debt properly
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.