Incorrect implementation of _rebalanceLiquidity() in lending pool
Summary
_depositIntoVault() and _withdrawFromVault() implement a wrong deposit source and withdraw target address in LendingPool contract
Vulnerability Details
LendingPool::_rebalanceLiquidity() is used for rebalance token assets between reserve and vault to maintain a desired ratio. While these two functions are implemented in LendingPool.sol contract , they implement wrong deposit source and withdraw target addresses, which will make these function unusable.
Within _depositIntoVault() function, funds are deposited into vault by calling vault.deposit():
However, tokens are actually stored in reserve/RToken contract, not lending pool, therefor will not result intended deposit since lending pool does not hold assets.
Similar issue exsits in _withdrawFromVault() function, where asset token should be withdraw to reserve?RToekn contract, not lending pool contract.
(All above issues are based on that withdraw()/borrow() actions in lending pool are excuted to withdraw tokens from reserve/RToken contract, not lending pool, hence when rebalancing, token should deposit from and withdraw to RToken contract)
Impact
protocol functionality breaking
Tools Used
manual
Recommendations
consider changing the deposit from address and withdraw target address
Lead Judging Commences
LendingPool::_depositIntoVault and _withdrawFromVault don't transfer tokens between RToken and LendingPool, breaking Curve vault interactions
LendingPool::_depositIntoVault and _withdrawFromVault don't transfer tokens between RToken and LendingPool, breaking Curve vault interactions
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.