Closed github-actions[bot] closed 1 year ago
We’ve done multiple full circle integration tests on a forked mainnet against the actual Alchemix deployment and have never run into this issue.
Since we atomically deposit into Alchemix and mint a debt in the same transaction (as part of register_deposit
) this is not an issue.
If done over multiple transactions / blocks where the deposited collateral already accrues a yield before the debt is taken out it can happen I assume.
But in our context not an issue.
That's weird, I'm also testing against a forked mainnet using Foundry and Alchemy for my fork URL. I ran into this issue because I was testing a POC for another issue where I was using register_deposit
, then got a failing EVM: revert
for it.
Let me test out with Tenderly.
That's weird, I'm also testing against a forked mainnet using Foundry and Alchemy for my fork URL. I ran into this issue because I was testing a POC for another issue where I was using
register_deposit
, then got a failingEVM: revert
for it.Let me test out with Tenderly.
Let me know if I can help somehow.
Verified with Tenderly that debt
will be 0, seems like it's an issue with ~Foundry~ Alchemy (tested with another RPC, confirmed 0 debt
).
That said, I think it should still be fixed. #115 covers the generic issue, but only states the possibility. A possible scenario would be where the debt is fully paid off through repay()
after minting => DoS-ing future deposits.
We’ll review this issue again.
Conceptually it was always intended to have a short & limited auction period (days to weeks) and given the low APYs on Alchemix vaults (paired with mainnet tx costs) the scenarios of overlapping auctions and fully repaid debts was not a realistic scenario we optimized for. But we’ll definitely double check.
Closing the issue based on the above comments.
hickuphh3
high
First deposit fails because initial debt is negative
Summary
Before the first debt mint is performed, the initial
debt
returned will be negative after the first deposit. Converting between signed and unsigned integers reverts if the input is negative, thus causing the deposit to always fail.Vulnerability Detail
The 1st
register_deposit()
call will performdeposit_underlying()
to transfer WETH into the alchemist. Following which, it calls_calculate_amount_to_mint()
to see how much debt can be minted.The current debt amount is fetched in
_calculate_max_mintable_amount()
However, since no debt has been minted yet,
current_debt
returns a negative value. As a result, converting it touint256
reverts.POC
I copied over the contracts to a new foundry X vyper repo using https://github.com/0xKitsune/Foundry-Vyper and setup mainnet forking.
Here's an actual deposit showing how the debt is negative initially, before minting.
Impact
The first deposit will always revert.
Code Snippet
https://github.com/sherlock-audit/2023-02-fair-funding/blob/main/fair-funding/contracts/Vault.vy#L269
Tool used
Foundry, Mainnet Forking, Manual Review
Recommendation
The bigger question here is that as repayments can be both automatic (from strategies) or manual, the debt amount becomes less negative over time.
Consider how to handle the case where debt is negative.