Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Inconsistency Between the Behavior and Design Expectations of the _repay Function

Summary

The LendingPool contract contains a function intended to allow users to repay borrowed reserve assets on behalf of themselves or other users. However, the implementation of this function does not align with the documented behavior, leading to unexpected reversion under specific conditions. In particular, when the onBehalfOf address is set to zero, the function incorrectly reverts instead of repaying the caller's debt.

Vulnerability Details

The internal function _repay is designed to facilitate repayments for borrowing activities. The documentation states that if the onBehalfOf parameter is address(0), it should default to repaying the debt of msg.sender. However, the current implementation checks for onBehalfOf being address(0) and reverts if this condition is met, thereby preventing repayment by the caller. Here is the relevant code snippet:

    /**
     * @dev This function allows users to repay their own debt or the debt of another user.
     * The caller (msg.sender) provides the funds for repayment in both cases.
     * If onBehalfOf is set to address(0), the function defaults to repaying the caller's own debt.
     */
    function _repay(uint256 amount, address onBehalfOf) internal {
        if (amount == 0) revert InvalidAmount();
        // Contradicts the NatSpec above: address(0) reverts instead of defaulting to msg.sender
        if (onBehalfOf == address(0)) revert AddressCannotBeZero();
        // ... remainder of the function is not shown in the submission
    }

Impact

This vulnerability impacts user experience and functionality of the LendingPool contract by preventing users from repaying their own debts if they pass address(0) as the onBehalfOf parameter. Additionally, this issue poses challenges for future development, as developers may encounter unexpected behavior when implementing new features or enhancements related to debt repayment.

Tools Used

Manual code review

Recommendations

Change the conditional check for the onBehalfOf parameter to allow for the functionality outlined in the documentation. Specifically, remove the revert statement for address(0).

    if (onBehalfOf == address(0)) {
        onBehalfOf = msg.sender; // Set onBehalfOf to msg.sender if it is address(0)
    }

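The two behaviours side by side, as an added example that is not part of the submission or the audited code base: a constructed debt ledger in which `repayStrict` mirrors the reported check and `repayDefaulting` follows the NatSpec. The contract name, `debtOf`, `mockBorrow`, `_settle` and the `Repaid` event are hypothetical, and the asset transfer from the payer is left out so the block stays focused on how `onBehalfOf` is resolved.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Constructed example: a minimal debt ledger, not the audited LendingPool.
contract RepayDefaultExample {
    error InvalidAmount();
    error AddressCannotBeZero();

    // Hypothetical debt accounting, keyed by borrower.
    mapping(address => uint256) public debtOf;

    event Repaid(address indexed payer, address indexed borrower, uint256 amount);

    /// Test helper (assumption): records debt without moving any asset.
    function mockBorrow(uint256 amount) external {
        debtOf[msg.sender] += amount;
    }

    /// Behaviour reported on the page: address(0) reverts despite the NatSpec.
    function repayStrict(uint256 amount, address onBehalfOf) external {
        if (amount == 0) revert InvalidAmount();
        if (onBehalfOf == address(0)) revert AddressCannotBeZero();
        _settle(amount, onBehalfOf);
    }

    /// Behaviour the NatSpec documents: address(0) means "repay my own debt".
    function repayDefaulting(uint256 amount, address onBehalfOf) external {
        if (amount == 0) revert InvalidAmount();
        address borrower = onBehalfOf == address(0) ? msg.sender : onBehalfOf;
        _settle(amount, borrower);
    }

    /// Caps the repayment at the outstanding debt so the ledger cannot underflow.
    function _settle(uint256 amount, address borrower) private {
        uint256 owed = debtOf[borrower];
        uint256 paid = amount > owed ? owed : amount;
        debtOf[borrower] = owed - paid;
        emit Repaid(msg.sender, borrower, paid);
    }
}
```

After `mockBorrow(100)`, a call to `repayStrict(40, address(0))` reverts with `AddressCannotBeZero`, while `repayDefaulting(40, address(0))` leaves the caller's `debtOf` at 60.
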
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

01chenqing Submitter
7 months ago
inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
