Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Withdrawals from the Curve vault will fail.

Summary

The ensureLiquidity function balances the asset amounts and maintains the 20:80 ratio, but _withdrawFromVault is implemented incorrectly: withdrawals from the Curve vault will fail and the funds will remain locked in the vault.

Vulnerability Details

Looking at LendingPool::_withdrawFromVault, the Curve vault's withdraw function is called with address(this) as the receiver and msg.sender as the owner of the shares (the third parameter of the vault's withdraw function):

```solidity
function _withdrawFromVault(uint256 amount) internal {
    // owner is msg.sender here, but the shares are held by this contract (see _depositIntoVault)
    curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
    totalVaultDeposits -= amount;
}
```

Whereas in the snippet where the funds are deposited into the Curve vault, the receiver of the shares, and therefore their owner, is the LendingPool itself, address(this):

```solidity
function _depositIntoVault(uint256 amount) internal {
    IERC20(reserve.reserveAssetAddress).approve(address(curveVault), amount);
    // shares minted by the vault are credited to this contract, not to the depositing user
    curveVault.deposit(amount, address(this));
    totalVaultDeposits += amount;
}
```

Hence the owner of those shares is the LendingPool, not the user who deposited the funds, so the withdraw call fails.

Impact

Withdrawal of tokens from the Curve vault will not be done, and the deposited funds remain locked in the vault.

Tools Used

Manual Review

Recommendations

Use the LendingPool (address(this)) as the owner when withdrawing those assets from the Curve vault.
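To make the failure concrete, here is an added example (not the project's code) with a minimal mock of the vault's share accounting and a pool sketch carrying both the vulnerable and the corrected withdraw side by side; the IVault interface, the contract names and the 1:1 share-to-asset accounting are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Stand-in for the Curve vault interface, matching the call shape LendingPool uses (assumed for this example).
interface IVault {
    function deposit(uint256 assets, address receiver) external returns (uint256 shares);
    function withdraw(uint256 assets, address receiver, address owner, uint256 maxLoss, address[] calldata strategies) external returns (uint256 shares);
}

// Minimal mock: shares are credited to `receiver` on deposit and burned from `owner` on withdraw.
// Assets and shares are kept 1:1 so the accounting is obvious.
contract MockVault is IVault {
    mapping(address => uint256) public sharesOf;

    function deposit(uint256 assets, address receiver) external returns (uint256) {
        sharesOf[receiver] += assets;
        return assets;
    }

    function withdraw(uint256 assets, address, address owner, uint256, address[] calldata) external returns (uint256) {
        // Reverts when `owner` does not hold enough shares: the failure the finding describes.
        require(sharesOf[owner] >= assets, "insufficient shares");
        sharesOf[owner] -= assets;
        return assets;
    }
}

// Sketch of the relevant LendingPool logic (hypothetical, not the project's contract).
contract PoolSketch {
    IVault public immutable curveVault;
    uint256 public totalVaultDeposits;

    constructor(IVault vault) { curveVault = vault; }

    function depositIntoVault(uint256 amount) external {
        curveVault.deposit(amount, address(this)); // shares are credited to the pool itself
        totalVaultDeposits += amount;
    }

    // Vulnerable form: `owner` is msg.sender, who holds no shares in the vault, so the call reverts.
    function withdrawVulnerable(uint256 amount) external {
        curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
        totalVaultDeposits -= amount;
    }

    // Fixed form: `owner` is the pool, the actual holder of the shares, so the call succeeds.
    function withdrawFixed(uint256 amount) external {
        curveVault.withdraw(amount, address(this), address(this), 0, new address[](0));
        totalVaultDeposits -= amount;
    }
}
```

Deploy PoolSketch against a MockVault and call depositIntoVault; withdrawVulnerable then reverts with "insufficient shares" for any caller, while withdrawFixed succeeds and decrements totalVaultDeposits.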

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::_withdrawFromVault incorrectly uses msg.sender instead of address(this) as the owner parameter, causing vault withdrawals to fail
