Accounting errors in `addToPool` may cause `pool.poolBalance` to be higher than the actual balance in pool.
Summary
If a pool's loan token is a tax on transfer or rebasing token, funds will be accounted for incorrectly allowing for a Lender to have a higher balance than they otherwise should have which can lead to loses for Borrower.
Vulnerability Details
In the Lender.sol contract, addToPool() allows for the owner of the lending pool to add tokens to be borrowed. Since anyone can make a pool and use any token, whether unknowingly or with malicious intent a Lender can use a tax on transfer or rebasing token.
Since addToPool() takes an amount parameter and updates the pool based on the user input instead of checking for the actual amount deposited, Lender can potentially show a balance greater than what they have deposited, leading to miscalculations elsewhere.
Impact
The incorrect accounting can lead to a Lender being entitled to more tokens than they had originally deposited, potentially causing loss to Borrower since there is no check that the collateral token and loan token are not the same.
Tools Used
vs code and manual review
Recommendations
For tax on transfer tokens, use the the difference between balance before and balance after deposit to determine the accurate deposit amount.
For rebase tokens, either disallow them as a token or take a snapshot of the pool balance and provide a receipt token in the form of erc721 that can provide an account for user's borrow amount as a percentage of the pool at the time of the snapshot.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.