Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Dead Code in VaultReader

destiny

Summary

The getPriceImpactInCollateral function in VaultReader.sol contains a line of code that references an undeclared variable (realSizeInTokensDelta), rendering it dead code. This line does not affect the function's logic or output and may indicate incomplete or erroneous logic.

https://github.com/CodeHawks-Contests/2025-02-gamma/blob/e5b98627a4c965e203dbb616a5f43ec194e7631a/contracts/VaultReader.sol#L166

https://github.com/CodeHawks-Contests/2025-02-gamma/blob/e5b98627a4c965e203dbb616a5f43ec194e7631a/contracts/VaultReader.sol#L167

Vulnerability Details

Faulty Code Snippet:

function getPriceImpactInCollateral(
bytes32 positionKey,
uint256 sizeDeltaInUsd,
uint256 prevSizeInTokens,
MarketPrices memory prices
) external view returns (int256) {
uint256 expectedSizeInTokensDelta = sizeDeltaInUsd / prices.indexTokenPrice.min;
uint256 curSizeInTokens = getPositionSizeInTokens(positionKey);
// Calculate actual size delta in tokens
int256 realSizeInTokensDelta = (curSizeInTokens - prevSizeInTokens).toInt256();
// Calculate price impact (example formula)
int256 priceImpactInTokens = realSizeInTokensDelta * prices.indexTokenPrice.min.toInt256();
// Convert to collateral token terms
int256 priceImpactInCollateralTokens = priceImpactInTokens / prices.shortTokenPrice.min.toInt256();
return priceImpactInCollateralTokens;
}

Undeclared Variable: realSizeInTokensDelta is not defined anywhere in the function or contract. This line has no effect and will cause a compilation error if uncommented.

Logical Gap: The calculation of priceImpactInTokens is missing. The variable priceImpactInTokens is also undeclared, making the function incomplete and non-functional.

Impact

  1. Compilation Errors: The contract fail to function properly.

  2. Logical Errors: Incorrect price impact calculations could lead to faulty risk management (e.g., liquidations, fees).

Tools Used

Static Analysis

Recommendations

  • Remove Dead Code: Delete the line realSizeInTokensDelta.toInt256();.

  • Define Missing Variables: Calculate priceImpactInTokens using valid inputs (e.g., curSizeInTokens and prevSizeInTokens).

function getPriceImpactInCollateral(
bytes32 positionKey,
uint256 sizeDeltaInUsd,
uint256 prevSizeInTokens,
MarketPrices memory prices
) external view returns (int256) {
uint256 expectedSizeInTokensDelta = sizeDeltaInUsd / prices.indexTokenPrice.min;
uint256 curSizeInTokens = getPositionSizeInTokens(positionKey);
// Calculate actual size delta in tokens
int256 realSizeInTokensDelta = (curSizeInTokens - prevSizeInTokens).toInt256();
// Calculate price impact (example formula)
int256 priceImpactInTokens = realSizeInTokensDelta * prices.indexTokenPrice.min.toInt256();
// Convert to collateral token terms
int256 priceImpactInCollateralTokens = priceImpactInTokens / prices.shortTokenPrice.min.toInt256();
return priceImpactInCollateralTokens;
}

After Fixes:

  1. Remove Dead Code: Eliminated the line realSizeInTokensDelta.toInt256();.

  2. Add Missing Logic:

    Calculate realSizeInTokensDelta as the difference between curSizeInTokens and prevSizeInTokens.

    Define priceImpactInTokens using the actual token delta and market prices.

  3. Explicit Conversions: Use SafeCast for type conversions (e.g., toInt256()).

Verification

Test Case 1 (Valid Inputs):

sizeDeltaInUsd = 100_000 (30 decimals), prices.indexTokenPrice.min = 2000 (30 decimals).

expectedSizeInTokensDelta = 100_000 / 2000 = 50 tokens.

If curSizeInTokens = 60 and prevSizeInTokens = 10, realSizeInTokensDelta = 50.

Output: priceImpactInCollateralTokens = (50 * 2000) / 1_000_000 = 0.1 (if shortTokenPrice.min = 1_000_000).

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.