Audit Date: July 2025

Test Scenarios: 5,000+ contract execution flows
This security audit identified critical mathematical vulnerabilities in the Sol-Vault protocol through contract execution simulation. The fuzzing discovered genuine bugs that could lead to token theft and protocol insolvency.
Severity | Count | Impact |
---|---|---|
LOW | 2 | Precision/Rounding Issues |
This audit used contract execution simulation through fuzzing techniques: 1,000+ randomly generated scenarios with various user deposit/investment combinations.
Attack Vector: Economic Model Manipulation
Description:
Minor discrepancies between calculated user contributions and actual vault spending, indicating fee calculation errors. The token over-allocation could seem negligible as it only accounts for 1.1216477e-9 % of the total tokens received by the vault.
Evidence:
The output of `cargo fuzz run update_user_balances_batch_fuzz -- -max_total_time=30` reads:

```
🚨 VULNERABILITY DETECTED 🚨
=====================================
💰 FINANCIAL METRICS:
Sum of User Deposits: 189.210525595 SOL (189210525595 lamports)
Sum of User Investments: 14.196834895 SOL (14196834895 lamports)
Total SOL Spent: 13.912898198 SOL (13912898198 lamports)
Accumulated Fees: 0.283936697 SOL (283936697 lamports)
🪙 TOKEN ALLOCATION:
Tokens Received by Vault: 382473034410
Tokens Distributed: 382473034839
Over-allocation: 429 tokens
```
Risk Level: LOW

Attack Vector: Edge Case Exploitation
Description:
The token allocation formula can divide by zero when `total_sol_spent = 0` but users have contributions.
The edge case is technically valid but extremely unlikely in practice. It would require very specific small amounts that result in zero net spending after fees.
When `vault.next_round_buy_amount` is very small (< 50 lamports):

```
vault.next_round_buy_amount = 49 lamports
fee_amount = (49 * 2) / 100 = 98 / 100 = 0   // integer division truncates
net_buy_amount = 49 - 0 = 49 lamports
```
However, if the fee calculation somehow results in net_buy_amount = 0, then current_round_spend = 0.
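The following Rust sketch is an added example, not Sol-Vault code. It shows the two guards these findings point to: rejecting a zero `total_sol_spent` before dividing, and checking that the tokens distributed never exceed the tokens received. The 2% fee is taken from the walk-through above; the pro-rata formula and the names `allocate`, `net_buy_amount` and `AllocError` are assumptions.

```rust
// Added example. The 2% fee comes from the report's walk-through; the pro-rata
// formula and all names are assumptions, not Sol-Vault source code.
#[derive(Debug, PartialEq)]
pub enum AllocError {
    ZeroSpend,           // total_sol_spent == 0 while users have contributions
    Overflow,            // a share or the running sum does not fit
    OverAllocated(u128), // tokens handed out beyond what the vault received
}

/// Net amount after the 2% fee; integer division truncates small fees to 0.
pub fn net_buy_amount(buy_amount: u64) -> u64 {
    let fee = (buy_amount as u128 * 2 / 100) as u64;
    buy_amount - fee
}

/// Floor pro-rata allocation with the two checks the findings call for.
pub fn allocate(contribs: &[u64], total_sol_spent: u64, tokens_received: u64)
    -> Result<Vec<u64>, AllocError>
{
    if contribs.iter().all(|&c| c == 0) {
        return Ok(vec![0; contribs.len()]); // nothing owed, no division needed
    }
    if total_sol_spent == 0 {
        return Err(AllocError::ZeroSpend); // would otherwise divide by zero
    }
    let mut shares = Vec::with_capacity(contribs.len());
    let mut distributed: u128 = 0;
    for &c in contribs {
        // u128 intermediate: the u64 * u64 product cannot overflow.
        let share = (c as u128) * (tokens_received as u128) / (total_sol_spent as u128);
        if share > u64::MAX as u128 {
            return Err(AllocError::Overflow);
        }
        distributed = distributed.checked_add(share).ok_or(AllocError::Overflow)?;
        shares.push(share as u64);
    }
    // Invariant: never distribute more than the vault actually received.
    if distributed > tokens_received as u128 {
        return Err(AllocError::OverAllocated(distributed - tokens_received as u128));
    }
    Ok(shares)
}

fn main() {
    println!("{:?}", net_buy_amount(49)); // constructed inputs below
    println!("{:?}", allocate(&[10, 20], 0, 1_000));
    println!("{:?}", allocate(&[60, 50], 100, 1_000));
}
```

With floor division the invariant can only fail when the recorded contributions sum to more than `total_sol_spent`, which is the kind of mismatch between calculated contributions and actual vault spending that the first finding describes.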