Part 2

Summary

The `_updateCreditDelegations` function Updates the vault's credit delegations to its connected markets, using the provided cache of connected market ids. It calculates newCreditDelegationUsd value and based on that calculates the creditDeltaUsd value. However in some cases if the newCreditDelegation value is 0, the calculation of creditDelta undeflows and causes the function to revert

##Relevant Links

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/35deb3e92b2a32cd304bf61d27e6071ef36e446d/src/market-making/leaves/Vault.sol#L546-L617

calculation of newCreditDelegationUsd value:

calculation of creditDeltaUsd value(which could underflow):

Vulnerability Details

The creditDeltaUsd is calculated as the delta between newCreditDelegationUsdX18 and previousCreditDelegationUsdX18 using the sub operation. Let's trace how these values are determined:

• newCreditDelegationUsdX18 is calculated as either:

  • vaultCreditCapacityUsdX18.intoUD60x18().mul(creditDelegationShareX18) if vault's credit capacity > 0

  • UD60x18_ZERO if vault's credit capacity ≤ 0

• previousCreditDelegationUsdX18 comes from creditDelegation.valueUsd which is the stored credit delegation value

An underflow could occur if previousCreditDelegationUsdX18 > newCreditDelegationUsdX18. This scenario is actually possible in several cases:

• When the vault's credit capacity decreases (due to asset value decrease or debt increase )

• When the credit delegation share decreases

• When the vault becomes insolvent (credit capacity ≤ 0), newCreditDelegationUsdX18 would be 0 while previousCreditDelegationUsdX18 could be positive

• when asset value and debt become equal, the totalCreditCapacity would become 0 and in turn newCreditDelegationUsd would be assigned the value of 0

The UD60x18 type from PRBMath is designed to revert on underflow, which means this operation could indeed revert in these scenarios. This could be problematic as it might prevent necessary credit delegation adjustments when they need to decrease.

Impact

This could be problematic as it might prevent necessary credit delegation adjustments when they need to decrease.The issue could be considered medium to high severity since it could prevent the protocol from properly adjusting credit delegations downward, potentially leading to accounting issues or locked states in certain market conditions.

Tools Used

Manual Review

Recommendations

Either change the type of newCreditDelegationUsdX18 value to SD59X18 so that it can handle negative values and wouldnt underflow or add a check if(newCreditDelegation.isZero())before the sub operation to handle this case