Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

Deposits will be bricked if the respective curve vault is shut down.

Summary

As the title suggests, deposits will be bricked if the respective curve vault is shut down.

Vulnerability Details

The ICurveCrvUSDVault interface corresponds to Yearn's VaultV3. This interface has an isShutdown function:

/**
 * @notice Checks if vault is in shutdown state
 * @return True if vault is shutdown
 */
function isShutdown() external view returns (bool);

If the vault is shut down for any reason, the deposits into the curve vault will revert. If you look at the shutdown function in VaultV3:

def shutdown_vault():
    """
    @notice Shutdown the vault.
    """
    self._enforce_role(msg.sender, Roles.EMERGENCY_MANAGER)
    assert self.shutdown == False

    # Shutdown the vault.
    self.shutdown = True

    # Set deposit limit to 0.
    if self.deposit_limit_module != empty(address):
        self.deposit_limit_module = empty(address)
        log UpdateDepositLimitModule(empty(address))

    self.deposit_limit = 0
    log UpdateDepositLimit(0)

    new_roles: Roles = self.roles[msg.sender] | Roles.DEBT_MANAGER
    self.roles[msg.sender] = new_roles
    log RoleSet(msg.sender, new_roles)

    log Shutdown()

It sets the deposit limit to 0. Hence, the max_deposit for a user in the vault will be 0, and the _deposit function reverts for any deposit amount greater than 0.

def _deposit(recipient: address, assets: uint256, shares: uint256):
    """
    Used for `deposit` and `mint` calls to transfer the amount of `asset` to the vault,
    issue the corresponding `shares` to the `recipient` and update all needed
    vault accounting.
    """
    assert assets <= self._max_deposit(recipient), "exceed deposit limit"

However, whenever this condition is true in _rebalanceLiquidity (called whenever a user calls the deposit function of LendingPool):

if (currentBuffer > desiredBuffer) {
    uint256 excess = currentBuffer - desiredBuffer;
    // Deposit excess into the Curve vault
    _depositIntoVault(excess);
}

function _depositIntoVault(uint256 amount) internal {
    IERC20(reserve.reserveAssetAddress).approve(address(curveVault), amount);
    curveVault.deposit(amount, address(this));
    totalVaultDeposits += amount;
}

The LendingPool tries to deposit the excess amount into the curve vault. But, when the curve vault is shut down, the deposit calls will revert. Hence, the users won't be able to deposit and their calls will revert.

Impact

deposit calls will be bricked. The protocol won't be able to receive deposits from the users.

Tools Used

Manual review

Recommendations

Before depositing into the curve vault, check whether the vault is shut down. If it's shut, then do not deposit it in the curve vault. The deposit can stay in the LendingPool. This will prevent the deposits from being bricked.
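One way to implement this check, shown as an added example that is not the project's own code. The contract name VaultDepositGuard, the reserveAsset field (standing in for reserve.reserveAssetAddress) and the VaultDepositSkipped event are hypothetical; the try/catch goes beyond the recommendation and also keeps funds in the pool when the vault refuses a deposit for another reason.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal interfaces declared inline so the file compiles on its own.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

interface ICurveCrvUSDVault {
    function isShutdown() external view returns (bool);
    function deposit(uint256 assets, address receiver) external returns (uint256 shares);
}

// Hypothetical stand-in for the part of LendingPool that talks to the vault.
contract VaultDepositGuard {
    IERC20 public immutable reserveAsset; // assumption: replaces reserve.reserveAssetAddress
    ICurveCrvUSDVault public immutable curveVault;
    uint256 public totalVaultDeposits;

    event VaultDepositSkipped(uint256 amount); // hypothetical, for off-chain monitoring

    constructor(IERC20 asset_, ICurveCrvUSDVault vault_) {
        reserveAsset = asset_;
        curveVault = vault_;
    }

    // Returns true if `amount` moved into the vault, false if it stayed in the pool.
    function _depositIntoVault(uint256 amount) internal returns (bool) {
        if (amount == 0) return false;
        // A shut-down vault has deposit limit 0, so deposit() would revert: skip it.
        if (curveVault.isShutdown()) {
            emit VaultDepositSkipped(amount);
            return false;
        }
        reserveAsset.approve(address(curveVault), amount);
        // try/catch turns any other vault-side refusal into a skip instead of a revert.
        try curveVault.deposit(amount, address(this)) {
            totalVaultDeposits += amount;
            return true;
        } catch {
            reserveAsset.approve(address(curveVault), 0); // drop the unused allowance
            emit VaultDepositSkipped(amount);
            return false;
        }
    }
}
```

With this shape the user's deposit succeeds either way, and totalVaultDeposits only grows when the vault actually accepted the funds.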

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool core operations revert if Curve vault is unavailable during rebalancing, even when sufficient liquidity exists in the pool
