Summary

The swap pricing mechanism in StabilityBranch.initiateSwap uses outdated debt calculations due to missing state updates, allowing swaps to execute against obsolete financial positions. This occurs because:

• Swap rate calculations depend on vault debt state updated via Vault.recalculateVaultsCreditCapacity

• No enforcement exists to ensure fresh debt data before swap execution

• Slippage checks and balance validations operate on stale values

This mismatch between reported and actual vault state creates pricing errors that could lead to direct financial losses for users and protocol insolvency risks.

Vulnerability Details

The swap rate calculation in StabilityBranch.initiateSwap (StabilityBranch.sol#L254-L255) relies on debt state values (marketsRealizedDebtUsd, depositedUsdc, marketsUnrealizedDebtUsd) that become stale if not updated via Vault.recalculateVaultsCreditCapacity:

the function Vault.recalculateVaultsCreditCapacity is critical for:

1. Processing market debt distributions

2. Updating deposited USDC balances

3. Resetting unrealized debt tracking

Without calling this function prior to swap initiation:

• Debt calculations in Vault.getTotalDebt use outdated values

• Premium/discount factors in StabilityBranch.getAmountOfAssetOut become inaccurate

• Slippage checks and vault balance validations operate on incorrect assumptions

This creates protocol instability where:

• Valid swaps might revert due to miscalculated slippage thresholds

• Invalid swaps could pass checks using stale debt data

• Asset pricing diverges from actual vault collateralization state

The missing state update call creates a time window where swap operations execute against obsolete financial positions, violating core protocol accounting assumptions.

Impact

The use of stale debt data in swap rate calculations leads to three primary risks:

1. Financial Losses for Users
   Traders may receive incorrect swap rates resulting in:

   • Overpayment when buying vault assets

   • Underpayment when selling USDz tokens

   • Slippage protections failing to prevent unfavorable trades

2. Vault Insolvency Risk
   Outdated debt tracking could allow:

   • Swaps to drain undercollateralized vaults

   • Negative equity positions going undetected

   • Protocol-wide contagion through interconnected markets

3. Protocol Accounting Corruption
   Persistent state inconsistencies may:

   • Break USDz peg maintenance mechanisms

   • Distribute incorrect WETH rewards to LPs

   • Cause cascading failures in auto-deleveraging systems

These impacts directly violate core protocol guarantees of fair pricing and collateral-backed swaps, creating systemic risk for all participants.

Tools Used

Manual Review

Recommendations

Implement debt state synchronization before swap processing:

1. Add Pre-Swap Recalculation
   Call Vault.recalculateVaultsCreditCapacity in StabilityBranch.initiateSwap before accessing debt data:

   for (uint256 i; i < vaultIds.length; i++) {

   Vault.Data storage vault = Vault.load(vaultIds[i]);

   vault.recalculateVaultsCreditCapacity(); // Add this line

   // Existing swap logic...

   }

2. Implement State Freshness Checks
   Add timestamp-based validation in Vault.getTotalDebt (Vault.sol#LXXX-LXXX):

   require(block.timestamp - lastUpdateTimestamp < MAX_STALE_TIME, "Debt data stale");

3. Automate Debt Updates
   Integrate with Chainlink Automation to trigger regular recalculations:

   • Schedule periodic updates (e.g., hourly)

   • Trigger on significant price movements

   • Activate before large swap operations

These changes ensure swap calculations always use current debt data, maintaining protocol accounting integrity and protecting user funds.