LendingPool : Incorrect Asset Deposit in _depositIntoVault
Summary
The _depositIntoVault function tries to deposit assets into the curve vault, but it assumes the assets are held by the LendingPool (address(this)). In reality, the assets are stored in reserveRTokenAddress. This mistake can cause some functions like deposit to revert or behave incorrectly because the function is trying to deposit assets from the wrong place.
Different execution paths for this functions:
deposit/withdraw/borrow>_rebalanceLiquidity>_depositIntoVault
Vulnerability Details
1. The function _depositIntoVault(amount) is called to deposit assets into the vault.
2. It first approves the vault to spend the specified amount. Then, it deposits the assets into the vault:
3. The issue arises because assets are stored in reserveRTokenAddress, not address(this).
4. However, _depositIntoVault assumes that address(this) (LendingPool) holds the assets before depositing them, which is incorrect.
Impact
User can not deposit / withdraw / borrow
Tools Used
vscode
Recommendations
The function should deposit assets from reserveRTokenAddress, not address(this).
Lead Judging Commences
LendingPool::_depositIntoVault and _withdrawFromVault don't transfer tokens between RToken and LendingPool, breaking Curve vault interactions
LendingPool::_depositIntoVault and _withdrawFromVault don't transfer tokens between RToken and LendingPool, breaking Curve vault interactions
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.