Skip to content

Latest commit

 

History

History
59 lines (40 loc) · 2.67 KB

073.md

File metadata and controls

59 lines (40 loc) · 2.67 KB

Fast Khaki Raccoon

Medium

A vault can be considered not over-utilized when it is and vice versa upon depositing

Summary

A vault can be considered not over-utilized when it is and vice versa upon depositing

Root Cause

The root cause is only updating values for a particular vault when we are working with global values, this causes incorrect results.

Upon depositing in FraxlendPair, we have a mechanic to off-board some assets to the underlying vault if it is over-utilized:

 if (_vaultOverUtilized || _pairOverAllocation) {
        ...
       _withdrawToVault(_extAmount);
       ...
}

The issue is that the _vaultOverUtilized boolean used above can be incorrect, this is how it is computed:

(1e18 * externalAssetVault.totalAssetsUtilized()) / externalAssetVault.totalAssets() > (1e18 * 8) / 10;

The totalAssetsUtilized() and totalAssets() function calls can be out-of-sync as before that, we have this code:

externalAssetVault.whitelistUpdate(true);

This piece of code updates the asset metadata of a vault/pair. However, it only updates the metadata of the pair we are interacting from and not for the others due to the whitelistUpdate() implementation. This will result in out-of-sync values for totalAssetsUtilized() and totalAssets() as they are global values for all vaults/pairs.

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

  1. There are 2 vaults (VaultA and VaultB), each with an utilization of 100 tokens, both have a pending 10% CBR increase and both have the same LendingAssetVault as the external asset vault
  2. The current totalAssetsUtilized are 200 (100 + 100 = 200) and the totalAssets are 200, both values in the LendingAssetVault
  3. Upon a deposit in FraxlendPair which corresponds to VaultA, we update the utilization of vaultA to 110 (10% CBR increase as mentioned), the totalAssetsUtilized to 210 (10 token increase coming from the utilization increase) and totalAssets to 264 (again 10 token increase)
  4. The utilization ratio is 210 / 264 = 0,7954545455 which is below the required 0.8 or 80%
  5. The issue is that the utilization ratio is actually above 80% as if we factored in the other vault's pending update, we would have had totalAssetsUtilized equal to 220 and totalAssets equal to 274 which is 220 / 274 = 0,802919708, over 80% which is the threshold

Impact

A vault can be considered non over-utilized when it is which will result in a break of core contract functionality. The opposite can also happen if there is a pending CBR decrease.

PoC

No response

Mitigation

Update the metadata for all vaults instead