Closed sherlock-admin closed 1 year ago
XKET
high
priceDiff is wrongly implemented so Vault.storePriceAndRewards will revert when the LP price goes down.
priceDiff
Vault.storePriceAndRewards
In Vault.storePriceAndRewards, priceDiff is used when we calculate rewardPerLockedToken.
rewardPerLockedToken
The implementation is as follows:
int256 priceDiff = int256(currentPrice - lastPrices[_protocolId]);
The subtraction is called before conversion to int256. So it will revert when currentPrice < lastPrice.
int256
currentPrice
lastPrice
It will block storePriceAndRewards is called during rebalance, and rebalance is a very important functionality, so it has a high impact.
storePriceAndRewards
rebalance
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Vault.sol#L233
Manual Review
Use Conversion before subtraction.
int256 priceDiff = int256(currentPrice) - int256(lastPrices[_protocolId]);
Duplicate of #408
XKET
high
Underflow during LP price diff calculation
Summary
priceDiffis wrongly implemented soVault.storePriceAndRewardswill revert when the LP price goes down.Vulnerability Detail
In
Vault.storePriceAndRewards,priceDiffis used when we calculaterewardPerLockedToken.The implementation is as follows:
The subtraction is called before conversion to
int256. So it will revert whencurrentPrice<lastPrice.Impact
It will block
storePriceAndRewardsis called duringrebalance, andrebalanceis a very important functionality, so it has a high impact.Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Vault.sol#L233
Tool used
Manual Review
Recommendation
Use Conversion before subtraction.
Duplicate of #408