Vault stuck in DEPOSIT Flow due to missing finalization call
Summary
In the vault contract, when operating on 1x leverage vault and executing paraswap DEX swap only through _runSwap function and we are currently in DEPOSIT flow, the _runSwap function misses to call _finalize, leaving the vault in an incomplete state. This prevents users from interacting with the contract causing temporar DoS until the owner manually resets the vault state using ownerOnly setVaultState function.
Vulnerability Details
The issue arises within the _runSwap function, which is responsible for executing swaps during various flows, including DEPOSIT. When the flow is DEPOSIT, _mint is called to mint new shares, but _finalize is never invoked. As a result, the contract remains in the DEPOSIT flow indefinitely, blocking further operations such as additional deposits, withdrawals, or swaps.
Key observations:
_runSwapcalls_mintfor DEPOSIT but does not finalize the flow._finalize(hex'')is not called, leaving the vault in a stuck state.The only way to reset the vault is for the owner to manually call
setVaultState.
Impact
Users are unable to interact with the vault once a DEPOSIT flow starts, leading to funds being locked.
The owner is required to manually intervene, reducing decentralization and introducing operational risks.
Tools Used
Manual Review
Recommendations
Ensure _finalize is called in _runSwap in DEPOSIT flow:
Lead Judging Commences
finding_deposit_1x_long_dex_positionIsOpened_DoS_Flow
Likelihood: Medium/High, - Leverage = 1x - beenLong = True - positionIsClosed = False - Metadata → 1 length and Dex Swap Impact: Medium/High, DoS on any new action before the admin uses setVaultState Since this seems to be the most probable path for a 1x PerpVault, this one deserves a High.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.