In the LendingPool.sol contract, the _ensureLiquidity function should revert instead of returning when there is not enough liquidity and the Curve vault is not set, so that insufficient-liquidity scenarios are handled properly.
The vulnerability arises from the _ensureLiquidity function, which currently returns without taking any action if there is not enough liquidity and the Curve vault is not set. This behavior can lead to silent failures where the function does not provide any feedback or error, potentially causing unexpected behavior in the protocol.
By returning silently when there is not enough liquidity, the protocol will fail to handle insufficient liquidity scenarios properly. This will lead to failed withdrawals or borrowing attempts without clear error messages, causing confusion for users and potentially leading to financial discrepancies. It undermines the reliability and predictability of the protocol's operations.
Manual Review
To mitigate this vulnerability, update the _ensureLiquidity function to revert with an appropriate error message when there is not enough liquidity and the Curve vault is not set. Here is an example of how to implement this:
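A minimal sketch of that change, added here as an illustration and not the project's or the submitter's code. Only _ensureLiquidity and the Curve vault come from the finding; the contract name, the vault interface, the state variables and the custom error are assumptions, and the "before" function models the behaviour the finding describes rather than quoting the audited source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical vault interface; the real Curve vault API is not shown in the finding.
interface IVault {
    function withdraw(uint256 amount, address receiver) external;
}

// Illustrative stand-in for the pool; only _ensureLiquidity is named by the finding.
abstract contract LiquidityGuardSketch {
    IERC20 public immutable reserveAsset;     // assumed: asset lent out by the pool
    address public immutable liquidityHolder; // assumed: address holding pool liquidity
    IVault public curveVault;                 // zero address while no vault is configured

    error InsufficientLiquidity(uint256 requested, uint256 available);

    constructor(IERC20 asset, address holder) {
        reserveAsset = asset;
        liquidityHolder = holder;
    }

    // Behaviour described in the finding: with no vault set, return without feedback.
    function _ensureLiquidityBefore(uint256 amount) internal {
        if (address(curveVault) == address(0)) {
            return; // a shortfall goes unreported here
        }
        uint256 available = reserveAsset.balanceOf(liquidityHolder);
        if (available < amount) {
            curveVault.withdraw(amount - available, liquidityHolder);
        }
    }

    // Recommended behaviour: check the balance first, revert if no vault can cover the gap.
    function _ensureLiquidity(uint256 amount) internal {
        uint256 available = reserveAsset.balanceOf(liquidityHolder);
        if (available >= amount) {
            return; // enough liquidity on hand, nothing to do
        }
        if (address(curveVault) == address(0)) {
            revert InsufficientLiquidity(amount, available);
        }
        curveVault.withdraw(amount - available, liquidityHolder);
    }
}
```

The custom error carries both the requested and the available amount, so a failed withdrawal or borrow reports the size of the shortfall to the caller.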