Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

incorrect swap amount calculation in `rebalanceVaultAssets` when vault is in debt

seraviz

Summary

In CreditDelegationBranch.sol, the calculateSwapAmount function is called with reversed token order in rebalanceVaultsAssets, which could lead to incorrect swap amount calculations and potential underflows.

Relevant Links:

Vulnerability Details

In rebalanceVaultsAssets, calculateSwapAmount is called with USDC as assetIn and the vault's collateral asset as assetOutwhen the vault is in debt, where as the correct operation should be to swap the collateral asset to usdc. This leads to calculation of incorrect swap amounts

in the calculateSwapAmount call, the order of assetIn and assetOut is reversed:

ctx.swapAmount = calculateSwapAmount(
dexSwapStrategy.dexAdapter,
ctx.usdc, // This should be ctx.vaultAsset
ctx.vaultAsset, // This should be ctx.usdc
usdcCollateralConfig.convertSd59x18ToTokenAmount(ctx.vaultUnsettledRealizedDebtUsdX18.abs())
);

which is then passed as an input to perform the swap this could lead to wrong swap performed

Impact

This is a significant issue because it will calculate the wrong swap amount, potentially leading to incorrect debt settlement calculations.

Tools Used

Manual Review

Recommendations

the order of inputs to calculateSwapAmount should be corrected as shown below

ctx.swapAmount = calculateSwapAmount(
dexSwapStrategy.dexAdapter,
ctx.vaultAsset, // assetIn should be vault asset
ctx.usdc, // assetOut should be USDC
usdcCollateralConfig.convertSd59x18ToTokenAmount(ctx.vaultUnsettledRealizedDebtUsdX18.abs())
);
Updates

Lead Judging Commences

inallhonesty Lead Judge
4 months ago
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.