Part 2

Zaros
Perpetuals DEX Foundry Solidity
70,000 USDC
Submission Details
Severity: high
Valid

`CreditDelegation` cannot be decreased.

Summary

The CreditDelegation of the market cannot be decreased.

Vulnerability Details

```solidity
function _updateCreditDelegations(
    ...
)
    ...
{
    ...
    for (uint256 i; i < connectedMarketsIdsCache.length; i++) {
        ...
        if (totalCreditDelegationWeightCache != 0) {
            ...
            // calculate the delta applied to the market's total delegated credit
            UD60x18 creditDeltaUsdX18 = newCreditDelegationUsdX18.sub(previousCreditDelegationUsdX18);
            // loads the market's storage pointer and update total delegated credit
            Market.Data storage market = Market.load(connectedMarketId);
            market.updateTotalDelegatedCredit(creditDeltaUsdX18);
            // if new credit delegation is zero, we clear the credit delegation storage
            if (newCreditDelegationUsdX18.isZero()) {
                creditDelegation.clear();
            } else {
                // update the credit delegation stored usd value
                creditDelegation.valueUsd = newCreditDelegationUsdX18.intoUint128();
            }
        }
    }
}
```

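As the excerpt shows, `creditDeltaUsdX18` is an unsigned `UD60x18` value, so it cannot represent a negative delta: when `newCreditDelegationUsdX18` is lower than `previousCreditDelegationUsdX18`, the subtraction underflows.
As a result, the market's total delegated credit cannot be decreased.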

Impact

Markets don't work as intended.

Recommendations

Consider computing `creditDeltaUsdX18` as a signed value instead of an unsigned value.
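
The unsigned delta beside a signed one, as an added example that is not Zaros code and not part of the submission. It assumes raw 18-decimal `uint256`/`int256` values in place of the `UD60x18`/`SD59x18` types; the contract, its state variables and its function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration, not Zaros code. Raw 18-decimal integers stand in for
/// the fixed-point types; all names below are hypothetical.
contract CreditDelegationDeltaExample {
    // Stand-in for the market's total delegated credit.
    uint256 public totalDelegatedCreditUsd;
    // Stand-in for the stored credit delegation value (creditDelegation.valueUsd).
    uint256 public delegationValueUsd;

    /// Reported pattern: the delta is unsigned, so any update with
    /// new < previous reverts with an arithmetic panic (0x11).
    function updateWithUnsignedDelta(uint256 newCreditDelegationUsd) external {
        uint256 creditDeltaUsd = newCreditDelegationUsd - delegationValueUsd;
        totalDelegatedCreditUsd += creditDeltaUsd;
        delegationValueUsd = newCreditDelegationUsd;
    }

    /// Recommended direction: compute the delta as a signed value and apply
    /// it to the total in whichever direction it points.
    function updateWithSignedDelta(uint256 newCreditDelegationUsd) external {
        int256 creditDeltaUsd = _toInt256(newCreditDelegationUsd) - _toInt256(delegationValueUsd);
        if (creditDeltaUsd >= 0) {
            totalDelegatedCreditUsd += uint256(creditDeltaUsd);
        } else {
            // Negation cannot overflow: both operands were non-negative,
            // so the delta is strictly greater than type(int256).min.
            totalDelegatedCreditUsd -= uint256(-creditDeltaUsd);
        }
        delegationValueUsd = newCreditDelegationUsd;
    }

    /// Checked cast so a value above int256.max reverts instead of wrapping.
    function _toInt256(uint256 value) private pure returns (int256) {
        require(value <= uint256(type(int256).max), "value exceeds int256");
        return int256(value);
    }
}
```

Calling `updateWithUnsignedDelta(100e18)` and then `updateWithUnsignedDelta(40e18)` reverts on the second call, while the same sequence through `updateWithSignedDelta` lowers both stored values to `40e18`.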

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Vault::_updateCreditDelegations uses unsigned UD60x18 for credit delegation delta calculation which will underflow on any decrease in credit delegation amount
