Core Contracts

Summary

The internal withdraw function in ReserveLibrary.sol returns incorrect values due to a mismatch in the returned parameters. The function returns (amountUnderlying, burnedScaledAmount, amountUnderlying) instead of (amountWithdrawn, amountScaled, amountUnderlying) specifically, the function mistakenly returns amountUnderlying twice instead of amountWithdrawn. This discrepancy directly impacts event logging, potentially leading to significant issues in tracking withdrawals and underlying asset transfers in LendingPool::withdraw function.

Vulnerability Details

The function withdraw is expected to return three values:
amountWithdrawn The amount withdrawn.
amountScaled The scaled amount of RTokens burned.
amountUnderlying The amount of underlying asset transferred.

However, the function implementation incorrectly returns (amountUnderlying, burnedScaledAmount, amountUnderlying)

instead of (amountWithdrawn, amountScaled, amountUnderlying). The correct return should be:

Impact

This issue has a direct impact on the main functionality of the protocol and the funds. Since the function returns an incorrect value for amountWithdrawn, any contracts or functions that rely on these return values for further calculations may process incorrect amounts, leading to financial inconsistencies or potential exploits.

This discrepancy directly impacts event logging, potentially leading to significant issues in tracking withdrawals and underlying asset transfers in LendingPool::withdraw function.

Tools Used

Manual code review

Recommendations

Update the return statement in the ReserveLibrary::withdraw function to correctly reflect the intended return values: