Core Contracts
Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC

Submission Details
Severity: high
Valid

Withdrawing from the curve vault will fail due to a wrong input

Summary

Withdrawing from the curve vault will fail due to a wrong input

Vulnerability Details

During operations such as withdrawals, the following code runs in _ensureLiquidity():

uint256 availableLiquidity = IERC20(reserve.reserveAssetAddress).balanceOf(reserve.reserveRTokenAddress);
if (availableLiquidity < amount) {
uint256 requiredAmount = amount - availableLiquidity;
// Withdraw required amount from the Curve vault
_withdrawFromVault(requiredAmount);
}

If the RToken contract does not hold enough liquidity to satisfy the withdrawal, the shortfall is pulled from the Curve vault. There, in _withdrawFromVault(), we have the following call:

curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));

The issue is the third argument, the owner. It is set to msg.sender, i.e. the withdrawing user, so the vault expects the user to supply the shares being redeemed. That is incorrect: the shares are held by the lending pool, which is the share receiver on vault deposits. The call will simply revert, unless the user provides his own shares obtained from somewhere else, which would be unfair to him and simply lead to a loss of funds for him.

Impact

Users will not be able to withdraw despite there being sufficient liquidity

Tools Used

Manual Review

Recommendations

Pass address(this) as the owner argument instead of msg.sender.
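The following is an added illustration of the vulnerability described above and of the recommended fix; it is not code from the Regnum Aurum codebase. The vault, asset token, and lending pool are constructed mocks: the vault exposes the same five-argument withdraw(assets, receiver, owner, maxLoss, strategies) surface as the call in the finding, uses 1 share = 1 asset, and enforces ERC-4626-style owner/allowance semantics, which is the assumption that makes the owner argument matter. Demo.run() deposits as the pool, then shows that the msg.sender variant reverts while the address(this) variant succeeds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed mock token (assumption, not the project's asset): just enough to move balances.
contract MockAsset {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Constructed mock vault (assumption): same withdraw signature as the finding, 1 share == 1 asset,
// and ERC-4626-style rule that a caller who is not `owner` must hold the owner's allowance.
contract MockVault {
    MockAsset public immutable asset;
    mapping(address => uint256) public shares;
    mapping(address => mapping(address => uint256)) public allowance;
    constructor(MockAsset a) { asset = a; }

    // Simplified: caller is assumed to have already transferred `assets` to the vault.
    function deposit(uint256 assets, address receiver) external returns (uint256) {
        shares[receiver] += assets; // shares land on `receiver`, not on the depositor's users
        return assets;
    }

    function withdraw(uint256 assets, address receiver, address owner, uint256 /*maxLoss*/, address[] calldata /*strategies*/)
        external returns (uint256)
    {
        if (msg.sender != owner) { // spend owner's allowance when someone else redeems
            uint256 allowed = allowance[owner][msg.sender];
            require(allowed >= assets, "insufficient allowance");
            allowance[owner][msg.sender] = allowed - assets;
        }
        require(shares[owner] >= assets, "insufficient shares");
        shares[owner] -= assets;
        require(asset.transfer(receiver, assets), "transfer failed");
        return assets;
    }
}

// Constructed stand-in for the lending pool (hypothetical names, not the project's functions).
contract LendingPoolDemo {
    MockAsset public immutable asset;
    MockVault public immutable curveVault;
    constructor(MockAsset a, MockVault v) { asset = a; curveVault = v; }

    // The pool itself is the share receiver, as the finding states.
    function depositIntoVault(uint256 amount) external {
        require(asset.transfer(address(curveVault), amount), "transfer failed");
        curveVault.deposit(amount, address(this));
    }
    // Vulnerable form: owner = msg.sender (the withdrawing user, who holds no shares).
    function withdrawFromVaultVulnerable(uint256 amount) external {
        curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
    }
    // Fixed form: owner = address(this), the actual share holder.
    function withdrawFromVaultFixed(uint256 amount) external {
        curveVault.withdraw(amount, address(this), address(this), 0, new address[](0));
    }
}

// Demo acts as the user calling the pool. Expected: vulnerableReverted == true,
// poolBalanceAfterFix == 100e6 (constructed amounts).
contract Demo {
    function run() external returns (bool vulnerableReverted, uint256 poolBalanceAfterFix) {
        MockAsset asset = new MockAsset();
        MockVault vault = new MockVault(asset);
        LendingPoolDemo pool = new LendingPoolDemo(asset, vault);
        asset.mint(address(pool), 1_000e6);
        pool.depositIntoVault(1_000e6);

        // User (this contract) has no vault shares and gave the pool no allowance.
        try pool.withdrawFromVaultVulnerable(100e6) { vulnerableReverted = false; }
        catch { vulnerableReverted = true; }

        pool.withdrawFromVaultFixed(100e6);
        poolBalanceAfterFix = asset.balanceOf(address(pool));
    }
}
```

Deploy Demo and call run() in a Hardhat or Foundry test to observe the two outcomes. The second failure mode in the finding also falls out of the mock: if the user did hold vault shares and had approved the pool, the vulnerable path would burn the user's own shares instead of the pool's.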

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::_withdrawFromVault incorrectly uses msg.sender instead of address(this) as the owner parameter, causing vault withdrawals to fail
