`RToken::_liquidityIndex` is never updated, making `transferForm` always divide the amount by `1 WadRayMath.RAY`
Summary
for transferFrom function, the amount param is scaled down by dividing it with current index rate _liquidityIndexbut this value is never updated and only initialized in constructor (the value is 1 RAY or 1e27), leading to incorrect scaled amount transferred.
Vulnerability Details
the state _liquidityIndex can be changed by calling RToken::updateLiquidityIndexbut this function can only be called by corresponding reserve pool, and the reserve pool itself does not have any implementation to call said function.
Impact
transferFrom function would transfer invalid scaled amount, where this would later have issue when interacting with DeFI ecosystem (DEX, LP, lending-borrowing, etc)
Tools Used
manual review
Recommendations
remove the divide operation for amount, because the scaled amount would later be handled inside _updatefunction so no need to manually do this in this function.
Lead Judging Commences
RToken::updateLiquidityIndex() has onlyReservePool modifier but LendingPool never calls it, causing transferFrom() to use stale liquidity index values
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.