Issue with Incomplete State Finalization in _runSwap for FLOW.DEPOSIT
Summary
The missing call to _finalize after the Dex operation prevents the contract from updating the state properly, leaving it in an inconsistent state where FLOW.DEPOSIT is not cleared. This prevents other critical functions from being executed as expected.
Vulnerability Details
In the case of FLOW.DEPOSIT, the protocol might deposit through the _runSwap function. However, after performing the Dex operation, it only calls _mint and does not invoke the _finalize function, leading to state variables such as flow not being cleared. As a result, the protocol remains in the FLOW.DEPOSIT state, preventing the execution of further steps like withdraw or run.
Impact
This issue can result in an indefinite blockage of the protocol’s workflow, as the protocol remains in the FLOW.DEPOSIT state. Users will not be able to perform withdrawals or execute other steps.
Tools Used
manual
Recommendations
Lead Judging Commences
finding_deposit_1x_long_dex_positionIsOpened_DoS_Flow
Likelihood: Medium/High, - Leverage = 1x - beenLong = True - positionIsClosed = False - Metadata → 1 length and Dex Swap Impact: Medium/High, DoS on any new action before the admin uses setVaultState Since this seems to be the most probable path for a 1x PerpVault, this one deserves a High.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.