Closed code423n4 closed 2 years ago
int256 delta = int256(
unifiedAssets[i] - unifiedTotalAssets.mul(targetPercents[i]).div(PERCENTAGE_DECIMAL_FACTOR)
);
It seems that there's a mathematical possibility that assets will have an ideal proportion between vaults and delta might be 0.
Duplicate of #2 to high risk.
Handle
shw
Vulnerability details
Impact
The
sortVaultsByDelta
function ofExposure
does not properly initialize themaxIndex
andminIndex
variables. Consider an edge case where thedelta
of the three stable coins are all 0. ThemaxIndex
andminIndex
variables will be all 0 andvaultIndexes
will be[0, 3, 0]
, which are invalid. The results of the users' deposits could be affected by this bug.Proof of Concept
Referenced code: Exposure.sol#L178-L210
Recommended Mitigation Steps
Initialize
maxIndex
andminIndex
to0
and1
to handle this edge case while being correct in other cases.