Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Wrong destination in _withdrawFromVault makes it impossible to withdraw funds to the user

Summary

LendingPool.sol: withdraw() contains an ensureLiquidity() subcall, which will trigger _withdrawFromVault(). However, it confuses the address to which it should withdraw, leading to unexpected reverts during the withdraw process.

Vulnerability Details

LendingPool.sol: withdraw() contains an _ensureLiquidity() subcall, which will trigger _withdrawFromVault(). However, it confuses the address to which it should withdraw, leading to unexpected reverts during the withdraw process.
While token withdrawals should happen from the RToken contract address, _withdrawFromVault() sends funds to the LendingPool address. This leads to a situation where, if there are not enough tokens on the balance of the RToken contract, we won't be able to process the tx due to lack of funds on RToken (the funds from the Curve vault contract went to LendingPool instead).

function _withdrawFromVault(uint256 amount) internal {
    // 2nd argument (receiver) is address(this), i.e. the LendingPool, not the RToken
    curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
    totalVaultDeposits -= amount;
}

Impact

DoS of withdraw functionality

Tools Used

Manual review

Recommendations

Change the 2nd argument (receiver) to the RToken contract address

curveVault.withdraw(amount, address(this), msg.sender, 0, new address[](0));
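
The receiver mismatch described above, as an added Solidity sketch that is not RAAC's code: `Token`, `Vault` and `Pool` are simplified stand-ins, and `rToken`, `useFix` and the unauthenticated `move` helper are hypothetical names introduced for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not RAAC code: simplified stand-ins for the asset, vault and pool.
contract Token {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    // Toy transfer without access control; checked math reverts on insufficient balance.
    function move(address from, address to, uint256 amt) external {
        balanceOf[from] -= amt;
        balanceOf[to] += amt;
    }
}

contract Vault {
    Token public immutable asset;
    constructor(Token a) { asset = a; }
    // Argument order follows the call quoted in the finding; the 2nd argument is the receiver.
    function withdraw(uint256 amt, address receiver, address, uint256, address[] memory) external {
        asset.move(address(this), receiver, amt);
    }
}

contract Pool {
    Token public immutable asset;
    Vault public immutable vault;
    address public immutable rToken; // hypothetical: address whose balance pays users
    uint256 public totalVaultDeposits;

    constructor(Token a, Vault v, address r, uint256 inVault) {
        asset = a; vault = v; rToken = r; totalVaultDeposits = inVault;
    }

    // useFix = false reproduces the receiver from the finding, true applies the recommendation.
    function withdraw(uint256 amt, bool useFix) external {
        uint256 available = asset.balanceOf(rToken);
        if (available < amt) {
            uint256 shortfall = amt - available;
            address receiver = useFix ? rToken : address(this);
            vault.withdraw(shortfall, receiver, msg.sender, 0, new address[](0));
            totalVaultDeposits -= shortfall;
        }
        asset.move(rToken, msg.sender, amt); // reverts if the shortfall went to the pool
    }
}
```

With constructed balances of 40 at `rToken` and 60 in the vault, `withdraw(100, false)` reverts on the final `move` because the 60 pulled from the vault landed in the pool, while `withdraw(100, true)` succeeds.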

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::_depositIntoVault and _withdrawFromVault don't transfer tokens between RToken and LendingPool, breaking Curve vault interactions