Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Negative Debt Handling in `Market::getAutoDeleverageFactor` function marketDebtRatio Calculations

0x23r0

Summary

The getAutoDeleverageFactor function in the Market library does not handle cases where the market has excess credit (negative debt). When totalDebtUsdX18 is negative, the conversion to UD60x18 reverts due to an underflow error in the intoUD60x18 function. This prevents the ADL system from functioning correctly, even when the market is in a safe state with excess credit.

Vulnerability Details

The issue is in the getAutoDeleverageFactor function:

function getAutoDeleverageFactor(

Data storage self,

UD60x18 delegatedCreditUsdX18,

SD59x18 totalDebtUsdX18

) internal view returns (UD60x18 autoDeleverageFactorX18) {

SD59x18 sdDelegatedCreditUsdX18 = delegatedCreditUsdX18.intoSD59x18();

if (sdDelegatedCreditUsdX18.lte(totalDebtUsdX18) || sdDelegatedCreditUsdX18.isZero()) {

return UD60x18_UNIT;

}

// calculates the market ratio

UD60x18 marketDebtRatio = totalDebtUsdX18.div(sdDelegatedCreditUsdX18).intoUD60x18(); // <-- Reverts if totalDebtUsdX18 is negative

...

}

The issue arises because totalDebtUsdX18 can be negative when the market has excess credit (a safe state). When this value is passed to intoUD60x18, it reverts due to the underflow check in the intoUD60x18 function:

function intoUD60x18(SD59x18 x) pure returns (UD60x18 result) {

int256 xInt = SD59x18.unwrap(x);

if (xInt < 0) {

revert CastingErrors.PRBMath_SD59x18_IntoUD60x18_Underflow(x); // <-- Reverts on negative values

}

result = UD60x18.wrap(uint256(xInt));

}

Example Scenario:

totalDebtUsdX18 = -100 (market has excess credit)
delegatedCreditUsdX18 = 1000
The function attempts to calculate marketDebtRatio as totalDebtUsdX18.div(delegatedCreditUsdX18).intoUD60x18().
The conversion to UD60x18 reverts because totalDebtUsdX18 is negative.

Impact

The ADL cannot function when the market has excess credit, even though this is a safe state. This could lead to unnecessary reverts and prevent the protocol from operating as intended.

Tools Used

Manual review

Recommendations

To fix the issue, ensure that the getAutoDeleverageFactor function handles negative debt (excess credit) gracefully. Specifically, the function should return a zero deleverage factor when the market has excess credit, as no deleveraging is needed in such cases.

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!