Core Contracts

Summary

A reentrancy vulnerability has been identified in the LendingPool contract that could allow an attacker to drain funds from the pool by exploiting the withdraw function before state updates are applied.

Vulnerability Details

The vulnerability exists because:

1. The LendingPool contract transfers tokens to users before updating internal state during withdrawals

2. The token transfer could trigger a fallback function in a malicious contract

3. This fallback function could recursively call withdraw() again before the first withdrawal completes

4. Lack of proper reentrancy protection allows multiple withdrawals with the same collateral

Key functions involved:

- withdraw(): Handles withdrawal of deposited tokens

- balanceOf(): Used to check token balances

- transfer(): ERC20 token transfer that can trigger reentrancy

Impact

The vulnerability has critical impact:

- Attackers can drain funds from the lending pool

- Depositors could lose their collateral

- Protocol could become insolvent

- Loss of user funds and trust in the protocol

Tools Used

- Manual code review

- Hardhat test environment

- Ethers.js library

- Chain analysis and debugging tools

Recommendations

1. Implement proper reentrancy protection: