[H] Incorrect Withdrawal in `_withdrawFromVault` Function in `LendingPool`
Summary
The _withdrawFromVault function in the LendingPool contract processes the withdrawal to the LendingPool contract instead of the RToken contract where the deposits are made.
Vulnerability Details
The current withdrawal in the _withdrawFromVault function is:
This line processes the withdrawal to the LendingPool contract, which does not hold the assets. The withdrawal should be processed to the RToken contract where the deposits are made.
Impact
This issue prevents the LendingPool contract from correctly withdrawing liquidity from the Curve vault, potentially leading to liquidity management issues within the protocol.
link to the issue: https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L810
Tools Used
Manual code review.
Recommendations
Update the withdrawal to correctly process the withdrawal to the RToken contract. The corrected withdrawal should be:
This ensures that the withdrawn amount is correctly processed to the RToken contract where the deposits are made.
Lead Judging Commences
LendingPool::_depositIntoVault and _withdrawFromVault don't transfer tokens between RToken and LendingPool, breaking Curve vault interactions
LendingPool::_depositIntoVault and _withdrawFromVault don't transfer tokens between RToken and LendingPool, breaking Curve vault interactions
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.