Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Missing Validation for Curve Parameters in `UsdTokenSwapConfig::getPremiumDiscountFactor` Function

Summary

The function `UsdTokenSwapConfig::getPremiumDiscountFactor` calculates a premium or discount factor based on a vault's debt-to-asset ratio. It uses parameters from a predefined curve for determining the premium or discount. However, there is no validation for the curve parameters to ensure that the minimum values are less than the maximum values, which can lead to incorrect or unexpected behavior when calculating the premium or discount.

Vulnerability Details

The function does not perform validation checks on the curve parameters `pdCurveXMinX18`, `pdCurveXMaxX18`, `pdCurveYMinX18`, and `pdCurveYMaxX18` to ensure that the minimum values are indeed less than their respective maximum values. Specifically, it is possible for `pdCurveXMinX18` to be greater than or equal to `pdCurveXMaxX18` or for `pdCurveYMinX18` to be greater than or equal to `pdCurveYMaxX18`, which would result in invalid curve calculations and may cause unexpected results.

Impact

The lack of validation on curve bounds may cause the premium or discount calculation to yield erroneous results. This can lead to incorrect premium or discount factors being applied, potentially resulting in economic loss or unintended behavior in the contract's logic. This can especially affect vault users by either overcharging or undercharging them for the premium/discount rates.

Tools Used

Recommendations

It is recommended to add validation to ensure that the curve parameters are correctly set. Specifically, add the following checks to ensure that the minimum values are smaller than the maximum values:

```solidity
require(pdCurveXMinX18.unwrap() < pdCurveXMaxX18.unwrap(), "Invalid curve bounds: x_min >= x_max");
require(pdCurveYMinX18.unwrap() < pdCurveYMaxX18.unwrap(), "Invalid curve bounds: y_min >= y_max");
```

By enforcing these checks, the function can ensure that the curve parameters are valid and prevent unexpected behaviors in the premium or discount calculations.
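
An added example, not Zaros code and not part of the original submission: the same bounds checks applied once at configuration time with a custom error, next to a hypothetical read path. The contract name, function names and the linear interpolation are assumptions, since the page does not show the real curve formula; under this model, Solidity 0.8 checked arithmetic reverts on equal or inverted bounds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not Zaros code. Values are 18-decimal fixed point held in uint256.
/// The interpolation formula is an assumption; the page does not show the real curve.
contract CurveBoundsExample {
    error InvalidCurveBounds(uint256 min, uint256 max);

    uint256 internal constant UNIT = 1e18;

    uint256 public xMin;
    uint256 public xMax;
    uint256 public yMin;
    uint256 public yMax;

    /// Reject inverted or empty ranges once, when the curve is configured,
    /// so every later read can rely on xMin < xMax and yMin < yMax.
    function configureCurve(uint256 xMin_, uint256 xMax_, uint256 yMin_, uint256 yMax_) external {
        if (xMin_ >= xMax_) revert InvalidCurveBounds(xMin_, xMax_);
        if (yMin_ >= yMax_) revert InvalidCurveBounds(yMin_, yMax_);
        xMin = xMin_;
        xMax = xMax_;
        yMin = yMin_;
        yMax = yMax_;
    }

    /// Hypothetical read path: clamp x into [xMin, xMax], then interpolate y linearly.
    function factor(uint256 x) external view returns (uint256) {
        return interpolate(x, xMin, xMax, yMin, yMax);
    }

    /// Pure helper so the unvalidated cases can be tried directly:
    ///  - a == b  -> division by zero, Panic(0x12)
    ///  - c > d   -> `d - c` underflows, Panic(0x11)
    ///  - a > b   -> the clamps collapse x to b, then `x - a` underflows, Panic(0x11)
    function interpolate(uint256 x, uint256 a, uint256 b, uint256 c, uint256 d)
        public pure returns (uint256)
    {
        if (x < a) x = a;
        if (x > b) x = b;
        uint256 t = ((x - a) * UNIT) / (b - a); // position on the x range, in [0, 1e18]
        return c + ((d - c) * t) / UNIT;
    }
}
```

Calling `interpolate` directly with each of the three invalid shapes in a Foundry test shows whether a misconfiguration fails closed with a revert or produces a value, which is the distinction that decides the finding's severity.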

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
