Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Incorrect Share Owner Parameter in `LendingPool._withdrawFromVault()`

Summary

LendingPool::_withdrawFromVault() passes msg.sender as the owner argument of the Curve vault's withdraw() function. In the Curve vault interface (ERC-4626 semantics) the owner is the address whose shares are burned; that address is the LendingPool contract itself (address(this)), because _depositIntoVault() mints the shares to the pool. With the wrong owner every withdrawal from the Curve vault reverts.

Vulnerability Details

In _depositIntoVault(), the vault shares are minted to the LendingPool contract (address(this)):

    function _depositIntoVault(uint256 amount) internal {
        IERC20(reserve.reserveAssetAddress).approve(address(curveVault), amount);
        curveVault.deposit(amount, address(this)); // receiver = LendingPool, so the pool holds the shares
        totalVaultDeposits += amount;
    }

In _withdrawFromVault(), however, the owner argument of curveVault.withdraw() is msg.sender instead of address(this). Under ERC-4626 semantics, when the caller is not the share owner the vault tries to spend the allowance the owner granted to the caller; the external caller holds no vault shares and has granted the LendingPool no allowance, so the allowance check fails and the call reverts. Even if the allowance check were passed, msg.sender has no shares to burn:

    function _withdrawFromVault(uint256 amount) internal {
        // owner should be address(this): the LendingPool holds the shares, not msg.sender
        curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
        totalVaultDeposits -= amount;
    }

Impact

Every call to _withdrawFromVault() reverts, so the LendingPool can never retrieve the assets it deposited into the Curve vault, and any LendingPool operation that depends on pulling liquidity back from the vault is blocked.

Tools Used

vscode

Recommendations

Update _withdrawFromVault() to pass address(this) (the LendingPool contract, which holds the vault shares) as the owner argument of curveVault.withdraw(), matching the receiver used in _depositIntoVault().
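The following is an added example, not code from the Regnum Aurum codebase or from the Curve vault: a minimal mock vault that reproduces only the ERC-4626 owner/allowance rule the finding depends on, the buggy and the fixed forms of the withdraw call side by side, and a Demo contract that exercises both. MockVault, LendingPoolBase, LendingPoolBuggy, LendingPoolFixed, Demo and the external withdrawFromVault()/depositIntoVault() wrappers are assumed names for illustration (the page's functions are internal); the withdraw() parameter list mirrors the call shape shown in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface shape, matching the 5-argument call in the finding.
interface IMockVault {
    function deposit(uint256 assets, address receiver) external returns (uint256);
    function withdraw(uint256 assets, address receiver, address owner,
                      uint256 maxLoss, address[] calldata strategies) external returns (uint256);
}

// Mock 1:1 asset/share vault (example only). The only behaviour that matters
// here is the ERC-4626 rule: a caller that is not `owner` must spend allowance.
contract MockVault is IMockVault {
    mapping(address => uint256) public balanceOf;   // vault shares
    mapping(address => mapping(address => uint256)) public allowance;
    mapping(address => uint256) public assetsOut;   // assets paid out to receivers

    function deposit(uint256 assets, address receiver) external returns (uint256) {
        balanceOf[receiver] += assets;              // shares go to `receiver`
        return assets;
    }

    function approve(address spender, uint256 shares) external {
        allowance[msg.sender][spender] = shares;
    }

    function withdraw(uint256 assets, address receiver, address owner,
                      uint256 /* maxLoss */, address[] calldata /* strategies */)
        external returns (uint256)
    {
        if (msg.sender != owner) {
            // Caller is not the share owner: it needs an allowance from `owner`.
            require(allowance[owner][msg.sender] >= assets, "insufficient allowance");
            allowance[owner][msg.sender] -= assets;
        }
        require(balanceOf[owner] >= assets, "insufficient shares");
        balanceOf[owner] -= assets;                 // burn owner's shares
        assetsOut[receiver] += assets;              // pay the receiver
        return assets;
    }
}

// Shared deposit logic: shares are minted to the pool itself, as in the finding.
abstract contract LendingPoolBase {
    IMockVault public immutable curveVault;
    uint256 public totalVaultDeposits;

    constructor(IMockVault vault) { curveVault = vault; }

    function depositIntoVault(uint256 amount) external {
        curveVault.deposit(amount, address(this)); // receiver = the pool
        totalVaultDeposits += amount;
    }

    function withdrawFromVault(uint256 amount) external virtual;
}

// Buggy form: owner = msg.sender, who holds no shares and gave no allowance.
contract LendingPoolBuggy is LendingPoolBase {
    constructor(IMockVault vault) LendingPoolBase(vault) {}

    function withdrawFromVault(uint256 amount) external override {
        curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
        totalVaultDeposits -= amount;
    }
}

// Fixed form: owner = address(this), the actual holder of the shares.
contract LendingPoolFixed is LendingPoolBase {
    constructor(IMockVault vault) LendingPoolBase(vault) {}

    function withdrawFromVault(uint256 amount) external override {
        curveVault.withdraw(amount, address(this), address(this), 0, new address[](0));
        totalVaultDeposits -= amount;
    }
}

// Drives both pools against the same mock vault; returns whether each withdraw succeeded.
contract Demo {
    function run() external returns (bool buggyOk, bool fixedOk) {
        MockVault vault = new MockVault();
        LendingPoolBuggy buggy = new LendingPoolBuggy(vault);
        LendingPoolFixed pool  = new LendingPoolFixed(vault);

        buggy.depositIntoVault(100);
        pool.depositIntoVault(100);

        try buggy.withdrawFromVault(50) { buggyOk = true; } catch { buggyOk = false; }
        try pool.withdrawFromVault(50)  { fixedOk = true; } catch { fixedOk = false; }
    }
}
```

Calling Demo.run() from a Hardhat or Foundry test shows the two outcomes: the buggy pool's call reverts inside MockVault.withdraw() at the allowance check (Demo is msg.sender of the pool, Demo is passed as owner, Demo holds no shares and never approved the pool), while the fixed pool burns its own shares and pays itself. The mock is deliberately 1:1 and ignores maxLoss and strategies; only the owner/allowance rule is relevant to this finding.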

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::_withdrawFromVault incorrectly uses msg.sender instead of address(this) as the owner parameter, causing vault withdrawals to fail
