Vault::_updateCreditDelegations Will Revert If When Credit Capacity is Zero or Negative
Summary
The function _updateCreditDelegations updates vaults' credit delegations to connected markets.
The issue occurs in this line:
If newCreditDelegationUsdX18 is zero or less than previousCreditDelegationUsdX18, it will revert. This can happen when the vault's current credit capacity drops below its previous value.
Vulnerability Details
creditDeltaUsdX18 is a UD60x18 (unsigned decimal) type. When previousCreditDelegationUsdX18 > newCreditDelegationUsdX18, the subtraction:
results in a negative number, which unsigned types do not support, causing a revert.
Impact
The function will always revert when
newCreditDelegationUsdX18 <= previousCreditDelegationUsdX18, meaning the vault cannot reduce its credit delegation to it's connected marketsthe vault cannot update it's state through
recalculateVaultsCreditCapacity, as this function calls_updateCreditDelegations, meaning vault will stop updating it's states, users will lose rewards, depositors won't be able to withdraw funds from zlpvault
Recommendation
Use signed integers (SD59x18) for credit delta calculations.
This will eliminate the revert issue and can reduce delegated credit from market in case vault's credit capacity is less than or equal to zero
Lead Judging Commences
Vault::_updateCreditDelegations uses unsigned UD60x18 for credit delegation delta calculation which will underflow on any decrease in credit delegation amount
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.