`LendingPool::_withdrawFromVault` can't withdraw the interest accumulated in `scrvUsdVault` due to an underflow
Summary
LendingPool::_withdrawFromVault can't withdraw interest from scrvUsdVault because of underflow error.
Vulnerability Details
LendingPool integrates scrvVault for additional interest for LP.
The vault is an is an ERC4626 compliant Vault as mentioned in their docs. The interest accrues passively and constantly increases the underlying value of scrvUSD.
The lending pool is rebalanced on each deposit/withdraw/borrow and liquidity is deposited or withdrawed from scrvUsdVault as required.
On deposit, shares are issued to LendingPool and the amount deposited is summed to totalVaultDeposits:
On withdrawFromVault, amount of crvUsd are withdrawed from the vault and same amount is deducted from totalVaultDeposits
The value of scrvUsd shares increases over time, meaning that for the same amount of shares, you will receive more crvUsd assets as it earns interest.
Trying to withdraw more than deposited will result in an underflow error, reverting the transaction.
Lending pool can't withdraw interest from the vault.
Impact
Interest accumulated by scrvUsd vault will be permanently locked in the vault.
Tools Used
Recommendations
Do not keep track of amount deposited to vault. Remove totalVaultDeposits variable from the codebase since it's not used (readed from) anywhere.
Lead Judging Commences
LendingPool::totalVaultDeposits can underflow when withdrawing yield-inclusive amounts and vault yield isn't factored into interest rate calculations
LendingPool::totalVaultDeposits can underflow when withdrawing yield-inclusive amounts and vault yield isn't factored into interest rate calculations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.