The balance of the pool (pool.poolBalance) is set without accounting for 'fee on transfer' or deflationary tokens which can lead to wrong balance values causing unintended issues as it is used by many functions for calculations.
setPool(Pool calldata p) -> this function sets the pool (pools[poolId] = p;).
If the erc20 token has a 'fee on transfer' mechanism then the poolBalance will be set wrongly as they are not accounted for.
Same issue in the
addToPool(bytes32 poolId, uint256 amount) function -> this function updates the pool balance using.
_updatePoolBalance(poolId, pools[poolId].poolBalance + amount). which can go wrong with fee on transfer tokens.
Users can take more debt than pool Balance, which will lead to loss of funds.
borrow(Borrow[] calldata borrows) -> this function checks for balance before lending (if (debt > pool.poolBalance) revert LoanTooLarge();). Since the pool.poolBalance can be larger than the actual balance of erc20 in the pool of the contract, users can take more debt than intended which can drain contract's balance of the token.
Manual review
Either White list specific erc20 tokens for use in the protocol or account for fee on transfer and deflationary tokens during calculation of pool.poolBalance
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.