Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Redundant Reserve State Updates in Deposit and Withdraw Flow

saneryee

Summary

The lending pool's deposit and withdraw process currently performs two sequential reserve state updates, leading inefficient execution.

Vulnerability Details

The updateInterest function was called twice before the deposit and withdraw flow was executed in LendingPool.sol.

  1. First call through deposit and withdraw function in LendingPool.sol:

    deposit

    function deposit(uint256 amount) external nonReentrant whenNotPaused onlyValidAmount(amount) {
    // Update the reserve state before the deposit
    ReserveLibrary.updateReserveState(reserve, rateData);
    ... ...
    }

    withdraw

    function withdraw(uint256 amount) external nonReentrant whenNotPaused onlyValidAmount(amount) {
    if (withdrawalsPaused) revert WithdrawalsArePaused();
    // Update the reserve state before the withdrawal
    ReserveLibrary.updateReserveState(reserve, rateData);
    ......
    }

    which internally calls updateReserveInterests

    function updateReserveState(ReserveData storage reserve,ReserveRateData storage rateData) internal {
    updateReserveInterests(reserve, rateData);
    }

  2. Second call through (Inside ReserveLibrary.deposit and ReserveLibrary.withdraw)

    deposit

    uint256 mintedAmount = ReserveLibrary.deposit(reserve, rateData, amount, msg.sender);

    withdraw

    (uint256 amountWithdrawn, uint256 amountScaled, uint256 amountUnderlying) = ReserveLibrary.withdraw(
    reserve, // ReserveData storage
    rateData, // ReserveRateData storage
    amount, // Amount to withdraw
    msg.sender // Recipient
    );

    which also calls updateReserveInterests at the beginning of both functions

    updateReserveInterests(reserve, rateData);

This is redundant since updateReserveInterests has a check at the beginning:

function updateReserveInterests(ReserveData storage reserve,ReserveRateData storage rateData) internal {
uint256 timeDelta = block.timestamp - uint256(reserve.lastUpdateTimestamp);
if (timeDelta < 1) {
return;
}

The second call will always return early because the timeDelta will be less than 1 second from the first call. However, this is still inefficient as it creates an unnecessary function call.

Impact

The redundant state update pattern results in several consequences:

  1. Gas Inefficiency: Every deposit transaction incurs unnecessary gas cost.

  2. Code Maintainability: The presence of two state updates creates ambiguity about where the actual state modification should occur, making the codebase harder to maintain.

Tools Used

Manual

Recommendations

Remove the initial updateReserveState call from LendingPool.deposit() and LendingPool.withdraw() .

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!