Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

`depositCreditForMarket` should recalculate the credit capacity first.

cipher27

Summary

The depositCreditForMarket function accepts deposits based on old vault states by not recalculating credit capacity beforehand.

Vulnerability Details

The function directly updates market state without recalculating vault credit capacities.

309 function depositCreditForMarket(

310 uint128 marketId,

311 address collateralAddr,

312 uint256 amount

313 )

314 external

315 onlyRegisteredEngine(marketId)

316 {

317 if (amount == 0) revert Errors.ZeroInput("amount");

318

319 // loads the collateral's data storage pointer, must be enabled

320 Collateral.Data storage collateral = Collateral.load(collateralAddr);

321 collateral.verifyIsEnabled();

...

334 if (collateralAddr == usdToken) {

335 market.updateNetUsdTokenIssuance(unary(amountX18.intoSD59x18()));

336 } else {

337 if (collateralAddr == usdc) {

338 market.settleCreditDeposit(address(0), amountX18);

339 } else {

340 market.depositCredit(collateralAddr, amountX18);

341 }

342 }

The function updates market state directly at lines 335-341 without first recalculating credit capacities, which can lead to incorrect credit delegation amounts since it relies on potentially outdated vault states.

Interestingly, withdrawUsdTokenFromMarket recalculates the credit capacity before updating the market state which is intentional.

Impact

The protocol uses stale debt values for critical calculations which results in incorrect credit delegation amounts and misaligned reward distributions.

Recommendations

Add a call to recalculateVaultsCreditCapacity at the beginning of depositCreditForMarket function to ensure credit capacity calculations use up-to-date vault states.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Credit capacity calculation uses stale total assets in VaultRouterBranch::deposit by updating before the actual deposit, causing DOS in depositCreditForMarket

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.