Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Valid

Premium/discount factor calculation is reversed in `getPremiumDiscountFactor()`

Summary

The `getPremiumDiscountFactor()` function applies a premium when the vault is in debt and a discount when it is in credit, which destabilizes the vault's financial position.

Vulnerability Details

The issue exists in the `getPremiumDiscountFactor()` function, where the premium/discount calculation is reversed:

File: UsdTokenSwapConfig.sol

```solidity
// if the vault is in credit, we apply a discount, otherwise, we apply a premium
premiumDiscountFactorX18 =
    vaultDebtUsdX18.lt(SD59x18_ZERO) ? UD60x18_UNIT.sub(pdCurveYX18) : UD60x18_UNIT.add(pdCurveYX18);
```

When `vaultDebtUsdX18` is negative (vault in credit), the function subtracts `pdCurveYX18`, applying a discount; when it is positive (vault in debt), it adds `pdCurveYX18`, applying a premium. This is the opposite of what should happen: vaults in debt should have discounts to encourage deposits, while vaults in credit should have premiums to discourage withdrawals.

Impact

The incorrect premium/discount application allows traders to withdraw more assets when vaults are in debt and fewer assets when vaults are in credit.

Recommendations

Reverse the premium/discount logic by swapping the addition and subtraction operations in `getPremiumDiscountFactor()`.
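The quoted branch selection next to the swapped one the recommendation describes, with a direction check that a regression or fuzz test can assert. This is an added sketch, not code from the submission or from Zaros: it assumes plain 1e18-scaled integers in place of the UD60x18/SD59x18 types, and every name in it is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Zaros code. Plain 1e18-scaled integers stand in for
// the UD60x18 / SD59x18 values used in UsdTokenSwapConfig.sol (assumption).
library PremiumDiscountSketch {
    uint256 internal constant UNIT = 1e18;

    // Branch selection as quoted in the finding: negative debt (credit) gets
    // a discount, everything else gets a premium.
    function factorAsQuoted(int256 vaultDebtUsd, uint256 pdCurveY) internal pure returns (uint256) {
        return vaultDebtUsd < 0 ? UNIT - pdCurveY : UNIT + pdCurveY;
    }

    // Branch selection with the two operations swapped, as recommended.
    // UNIT - pdCurveY reverts under checked arithmetic if pdCurveY > UNIT.
    function factorAsRecommended(int256 vaultDebtUsd, uint256 pdCurveY) internal pure returns (uint256) {
        return vaultDebtUsd < 0 ? UNIT + pdCurveY : UNIT - pdCurveY;
    }

    // Direction the finding argues for: discount in debt, premium in credit.
    // Zero debt is accepted either way; the page does not say how it is handled.
    function matchesIntendedDirection(int256 vaultDebtUsd, uint256 factor) internal pure returns (bool) {
        if (vaultDebtUsd > 0) return factor <= UNIT;
        if (vaultDebtUsd < 0) return factor >= UNIT;
        return true;
    }
}

// Hypothetical harness: lets a test compare both selections against the
// intended direction for arbitrary debt values and pdCurveY in (0, 1e18].
contract PremiumDiscountDirectionCheck {
    function checkQuoted(int256 vaultDebtUsd, uint256 pdCurveY) external pure returns (bool) {
        uint256 f = PremiumDiscountSketch.factorAsQuoted(vaultDebtUsd, pdCurveY);
        return PremiumDiscountSketch.matchesIntendedDirection(vaultDebtUsd, f);
    }

    function checkRecommended(int256 vaultDebtUsd, uint256 pdCurveY) external pure returns (bool) {
        uint256 f = PremiumDiscountSketch.factorAsRecommended(vaultDebtUsd, pdCurveY);
        return PremiumDiscountSketch.matchesIntendedDirection(vaultDebtUsd, f);
    }
}
```

Note that the swap also changes which branch a zero-debt vault falls into, since only strictly negative debt takes the first branch.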

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

The getPremiumDiscountFactor() function applies premiums and discounts inversely to what would maintain protocol stability
