Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Amount in being passed as usd instead of collateral for in credit vault.

brgltd

Summary

The settling vaults in credit, it's currently passing the amountIn in usd but it should pass amountIn as collateral for calculateSwapAmount

Vulnerability Details

The settleCreditDeposit in CreditDelegationBranch will pass the usd amount for the credit case as input for calculateSwapAmount. However, the correct approach is to pass the amount of collteral. Since the dexAdapter accepts the amountIn of tokenIn.

USD being pass as amountIn:

// for credit case

ctx.usdcIn = calculateSwapAmount(

dexSwapStrategy.dexAdapter,

ctx.vaultAsset, // token in

ctx.usdc, // token out

usdcCollateralConfig.convertSd59x18ToTokenAmount(ctx.vaultUnsettledRealizedDebtUsdX18.abs())

);

calculateSwapAmount calling dexAdapter

function calculateSwapAmount(

address dexAdapter,

address assetIn,

address assetOut,

uint256 vaultUnsettledDebtUsdAbs

)

public

view

returns (uint256 amount)

{

// calculate expected asset amount needed to cover the debt

amount = IDexAdapter(dexAdapter).getExpectedOutput(assetIn, assetOut, vaultUnsettledDebtUsdAbs);

}

dexAdapter

/// @notice Get the expected output amount

/// @param tokenIn The token in address

/// @param tokenOut The token out address

/// @param amountIn The input amount in native precision of tokenIn

/// @return expectedAmountOut The expected amount out in native precision of tokenOut

function getExpectedOutput(

address tokenIn,

address tokenOut,

uint256 amountIn

)

As we can see, the amountIn is relative to the tokenIn.

Impact

Will result in an incorrect amount of usd being calculated and unbalanced debt/credit calculations.

Tools Used

Manual review.

Recommendations

Pass the amountIn as collateral instead of usd when calling calculateSwapAmount when settling vault for the credit case.

Updates

Lead Judging Commences

inallhonesty Lead Judge

3 months ago

inallhonesty Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.