Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Incorrect Asset Transfer in `_rebalanceLiquidity` Before Depositing into Curve Vault

Summary

In the _rebalanceLiquidity function, when the available liquidity buffer exceeds the desired buffer, the contract attempts to deposit the excess liquidity into the Curve vault. However, the function incorrectly assumes that the lending pool (address(this)) already holds the excess liquidity, while the actual assets reside in reserve.reserveRTokenAddress. Without first transferring these assets to the lending pool, the deposit call to the Curve vault will fail, causing a contract malfunction.

Vulnerability Details

Issue

  • The contract checks the excess liquidity using the balance of reserve.reserveAssetAddress at reserve.reserveRTokenAddress.

  • If there is excess liquidity, the contract attempts to deposit the excess amount into the Curve vault.

  • However, the deposit function assumes that the lending pool (address(this)) already holds the excess liquidity, which is incorrect.

  • Since the Curve vault calls transferFrom to withdraw the tokens, and the lending pool has not yet received the assets, the deposit will fail due to insufficient funds.

Incorrect Code

```solidity
uint256 currentBuffer = IERC20(reserve.reserveAssetAddress).balanceOf(reserve.reserveRTokenAddress);
```

  • The contract determines the excess liquidity but does not transfer the tokens from reserve.reserveRTokenAddress to the lending pool before depositing them into the Curve vault.

  • This leads to a failed deposit since the Curve vault expects the lending pool to hold the required assets.

Impact

Failed Deposit to Curve Vault

  • The lending pool does not have the required assets, causing the Curve vault’s deposit function to revert.

  • This prevents proper liquidity rebalancing and disrupts the expected financial operations.

Liquidity Imbalance

  • If excess liquidity is not deposited correctly, the system may have inefficient capital allocation, leading to potential liquidity shortages elsewhere.

Tools Used

  • Manual code review and contract behavior analysis.

Recommendations

Ensure Asset Transfer Before Depositing

  • Before calling the approve function to authorize the Curve vault to use the assets, the contract should first transfer the excess liquidity from reserve.reserveRTokenAddress to the lending pool (address(this)).

  • This ensures that the lending pool has the necessary assets for a successful deposit into the Curve vault.

Corrected Code

```solidity
// Transfer excess assets from reserve RToken contract to the lending pool
IRToken(reserve.reserveRTokenAddress).transferAsset(address(this), excess);
// Approve and deposit the excess amount into the Curve vault
ERC20(reserve.reserveAssetAddress).approve(address(curveVault), excess);
curveVault.deposit(excess, address(this));
// Update total vault deposits
totalVaultDeposits += excess;
```

This modification ensures that the lending pool holds the required assets before attempting a deposit into the Curve vault, preventing transaction failures and maintaining proper liquidity balance.
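A minimal model of the failure and the fix, added here as an illustration and not taken from the audited code base. `MockToken`, `MockVault`, `MockRToken`, `PoolModel` and `depositExcess` are constructed names, and the mock `transferAsset` omits the access control a real RToken would need.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed mocks for illustration only; not the audited project's contracts.
contract MockToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address spender, uint256 amt) external returns (bool) {
        allowance[msg.sender][spender] = amt;
        return true;
    }
    function transfer(address to, uint256 amt) external returns (bool) {
        balanceOf[msg.sender] -= amt; // checked arithmetic: reverts if balance is short
        balanceOf[to] += amt;
        return true;
    }
    function transferFrom(address from, address to, uint256 amt) external returns (bool) {
        allowance[from][msg.sender] -= amt; // reverts without allowance
        balanceOf[from] -= amt;             // reverts without balance
        balanceOf[to] += amt;
        return true;
    }
}
contract MockVault {
    MockToken public immutable asset;
    constructor(MockToken a) { asset = a; }
    function deposit(uint256 amt, address) external {
        asset.transferFrom(msg.sender, address(this), amt); // pulls from the caller
    }
}
contract MockRToken {
    MockToken public immutable asset;
    constructor(MockToken a) { asset = a; }
    // Assumption: unrestricted here; a real RToken must limit this to the pool.
    function transferAsset(address to, uint256 amt) external { asset.transfer(to, amt); }
}
contract PoolModel {
    MockToken public asset = new MockToken();
    MockVault public vault = new MockVault(asset);
    MockRToken public rToken = new MockRToken(asset);
    uint256 public totalVaultDeposits;
    constructor() { asset.mint(address(rToken), 1000); } // liquidity sits in the RToken
    function depositExcess(uint256 excess, bool pullFirst) external {
        if (pullFirst) rToken.transferAsset(address(this), excess); // recommended step
        asset.approve(address(vault), excess);
        vault.deposit(excess, address(this)); // pullFirst == false: pool holds 0, reverts
        totalVaultDeposits += excess;
    }
}
```

Calling `depositExcess(100, false)` reverts inside `transferFrom` because the pool's own balance is zero, while `depositExcess(100, true)` succeeds and leaves 900 in the RToken and 100 in the vault.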

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::_depositIntoVault and _withdrawFromVault don't transfer tokens between RToken and LendingPool, breaking Curve vault interactions

