Fast Khaki Raccoon
Medium
Out-of-sync check results in an overutilized vault despite the guards against it
Upon depositing to a vault using LendingAssetVault::depositToVault(), we have the following code:
function depositToVault(address _vault, uint256 _amountAssets) external onlyOwner {
...
uint256 _amountShares = IERC4626(_vault).deposit(_amountAssets, address(this));
...
vaultDeposits[_vault] += _amountAssets;
vaultUtilization[_vault] += _amountAssets;
_totalAssetsUtilized += _amountAssets;
...
}Upon depositing in the underlying vault, we have the following check:
uint256 _assetsUtilized = externalAssetVault.vaultUtilization(address(this));
bool _vaultOverUtilized = (1e18 * externalAssetVault.totalAssetsUtilized()) / externalAssetVault.totalAssets() > (1e18 * 8) / 10;
bool _pairOverAllocation = _assetsUtilized > externalAssetVault.vaultMaxAllocation(address(this));
if (_vaultOverUtilized || _pairOverAllocation) {
uint256 _extAmount = _assetsUtilized > _amount ? _amount : _assetsUtilized;
_withdrawToVault(_extAmount);
}It checks the utilisation and off-boards an according amount if we are over-utilised. The issue is that the utilisation increases only happen after the deposit, thus we will be over-utilised despite the guards.
No response
No response
- We deposit into a vault, we are currently at the maximum utilisation before off-boarding is required
- We do not off-board as it is not required yet
- As the increases are after the check, we are now over-utilised
Vault over-utilisation
No response
Refactor the code to not allow the mentioned issue in the report