equity = 0
High Risk
https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXReader.sol#L48
The vulnerability in the valueToShares
function exposes users to significant losses in case the equity (currentAllAssetValue - debtBorrowed)
becomes zero due to strategy losses, users receive disproportionately low shares, and take a loss Immediately.
value
= equityAfter
- equityBefore
, while:equity
= totalAssetValue
- totalDebtValue
.
and we can see that here : function processDeposit(GMXTypes.Store storage self) external {
self.depositCache.healthParams.equityAfter = GMXReader.equityValue(self);
>> self.depositCache.sharesToUser = GMXReader.valueToShares(
self,
self.depositCache.healthParams.equityAfter - self.depositCache.healthParams.equityBefore,
self.depositCache.healthParams.equityBefore
);
GMXChecks.afterDepositChecks(self);
}
// value to shares function :
function valueToShares(GMXTypes.Store storage self, uint256 value, uint256 currentEquity)
public
view
returns (uint256)
{
uint256 _sharesSupply = IERC20(address(self.vault)).totalSupply() + pendingFee(self); // shares is added
>> if (_sharesSupply == 0 || currentEquity == 0) return value;
>> return value * _sharesSupply / currentEquity;
}
0
, the shares minted to the user equal the deposited value itself. The equity value can become zero due to various factors such as strategy losses or accumulated lending interests... ectsvToken
(shares).svToken
is (1,000,000 * 1e18) (indicating users holding these shares).100 * 100 * 1e18 / 1,000,000 = 0.001 USD
(value * equity / totalSupply).Notice: If the total supply is higher, the user loses more value, and vice versa.
manual review