Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Missing Emergency Controls in CreditDelegationBranch Contract

cheatc0d33

Summary

The CreditDelegationBranch contract lacks emergency pause functionality specifically for credit deposits, which could allow continued capital inflow during critical situations requiring temporary halts. Lacking the ability to pause deposits could expose users to risks during market instabilities or technical issues.

The contract's depositCreditForMarket function accepts new credit deposits without any pause mechanism. While internal functions like _convertAssetsToUsdc are part of existing transaction flows and shouldn't be pausable, the entry point for new deposits should have emergency controls.

Impact

Without deposit pause controls, users could continue depositing assets during compromised market conditions, preventing the protocol from limiting new credit exposure during security incidents. This unrestricted deposit flow also complicates emergency upgrades since the system must handle active deposits while implementing fixes.

Proof of Concept

Current implementation allows unrestricted deposits:

function depositCreditForMarket(

uint128 marketId,

address collateralAddr,

uint256 amount

)

external

onlyRegisteredEngine(marketId)

{

// No way to pause new deposits

if (amount == 0) revert Errors.ZeroInput("amount");

// ... rest of deposit logic

}

Recommended Fix

import {Pausable} from "@openzeppelin/security/Pausable.sol";

contract CreditDelegationBranch is EngineAccessControl, Pausable {

// Add pause control only to deposit function

function depositCreditForMarket(

uint128 marketId,

address collateralAddr,

uint256 amount

)

external

whenNotPaused

onlyRegisteredEngine(marketId)

{

// Existing logic

}

function emergencyPause() external onlyOwner {

_pause();

}

function emergencyUnpause() external onlyOwner {

_unpause();

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.