Part 2

Summary

The isAutoDeleverageTriggered function fails to activate the auto deleverage mechanism when the market's total debt equals or exceeds its delegated credit, allowing the market to remain in a potentially insolvent state.

Vulnerability Details

The isAutoDeleverageTriggered function is designed to determine when the auto deleverage mechanism should be activated based on the market's debt and credit levels.

The function contains a logical flaw that prevents it from triggering when the market's total debt equals or exceeds its delegated credit. The function returns false if delegatedCreditUsdX18 is less than or equal to totalDebtUsdX18 or if it's zero. This logic fails to account for scenarios where the market is over-leveraged, allowing the system to remain in a potentially insolvent state without initiating necessary deleveraging actions.

Impact

I've rated this as medium because it allows the market to remain in an over-leveraged and potentially insolvent state without triggering necessary deleveraging actions. This can lead to financial instability and potential losses for the protocol and its users. However, if the system has other mechanisms in place to manage over-leveraged conditions, such as manual intervention or alternative risk management strategies, the finding may be less critical. Nonetheless, markets can naturally become over-leveraged due to fluctuations in debt and credit levels. Without the correct logic to trigger deleveraging, the system is at risk of insolvency.

Tools Used

Manual Review

For example, let's say a market becomes overleveraged and the market's total debt equals or exceeds its delegated credit. The isAutoDeleverageTriggered function returns false, failing to activate the deleverage mechanism.

Recommendations

Modify the logic to ensure the deleverage mechanism is triggered when the market is over-leveraged, even when the total debt equals or exceeds the delegated credit.