Submission Details
Severity:
`totalAssetsMinusVaultDebtX18` <= 0 is possible in `getVaultCreditCapacity`.
Summary
totalAssetX18 - vaultDebtInAssetsX18 can be equal to or less than 10 ** uint256(decimalOffset).
In that case, this breaks the assumption of the protocol that totalAssetsMinusVaultDebtX18 > 0.
SD59x18 totalAssetsMinusVaultDebtX18 =
totalAssetsX18.add(sd59x18(int256(10 ** uint256(decimalOffset)))).sub(vaultDebtInAssetsX18);
// @audit It may revert here or return 0
uint256 totalAssetsMinusVaultDebt = vault.collateral.convertSd59x18ToTokenAmount(totalAssetsMinusVaultDebtX18);
Impact
If the return value,
totalAssetsMinusVaultDebtis 0,VaultRouterBranch.getVaultAssetSwapRatewill revert with a divide-by-zero error.If
totalAssetsMinusVaultDebtX18is lower than zero,amountX18.intoUint256()will revert.
Tools Used
Manual
Recommendations
SD59x18 totalAssetsMinusVaultDebtX18 =
totalAssetsX18.add(sd59x18(int256(10 ** uint256(decimalOffset)))).sub(vaultDebtInAssetsX18);
+ if (totalAssetsMinusVaultDebtX18.lte(0)) {
+ revert InvalidValutCreditCapacity();
+ }
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
When totalAssetsMinusVaultDebtX18 is negative `convertSd59x18ToTokenAmount` reverts, making `getVaultCreditCapacity` revert, making a couple of core functions revert
Prize pool breakdown
Total prize
70,000 USDC
nSLOC
3,25821 USDC / LOC
66,500
3,500
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.