Lender.sol: The error being `PoolConfig` in most cases is completely a downside of protocol as users can't know the reasons to why their transaction failed
Summary
There are 7 instances of PoolConfig being used as the revert message in Lender.sol this seems like an unnecessary complexity that actually leads to users not understanding why exactly their transaction is not going through
Vulnerability Details
See Summary. additionally take these instances as an example:
Lender.sol#L146
As seen the first revert happens in a case where the provided outstanding loans is not same as whst's been stored in the contract, whereas the second instance is a revert happening if the attempted removal is of amount = 0, but in both instances the reverted error message is poolConfig which just seems too vague and could easily lead to confusion.
Impact
Users hardship while interacting with protocol as they would have a hard time trying to find out what's wrong with their attempted function executions
Tools Used
Manual Audit
Recommend Mitigation
Error messages should clearly indicate why a transaction has reverted, I recommend this mechanism to be implemented in the protocol
Additional Note
There is an incomplete code explanation comment at L442 of Lender.sol, it states that validate the loan whereas the validation being made in the next line is for the loan's lender, so lender should be added to the comment.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.