Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Reversion Risk Due to Losses in Withdrawals from Curve Vault

Summary

The _rebalanceLiquidity function in LendingPool.sol rebalances liquidity between the protocol's buffer and the Curve vault. Withdrawals from the Curve vault, however, introduce continuous losses of deposited funds, which will lead to reverts.

Vulnerability Details

In the _rebalanceLiquidity() function, the protocol calculates whether the buffer holds an excess or a shortage of liquidity relative to the desired liquidity ratio, and deposits into or withdraws from the Curve vault accordingly. However, the Curve vault’s withdraw function may result in a loss if the amount requested for withdrawal does not align with the share price, as Curve uses rounding to determine the number of shares to burn when redeeming assets. This issue occurs when the withdraw function rounds up the asset amount, causing totalVaultDeposits to be inaccurately updated and potentially less than the actual available withdrawable amount. This discrepancy can cause subsequent withdrawal attempts to revert: totalVaultDeposits no longer reflects the available amount, which leads to errors when calling _withdrawFromVault().

The specific code responsible for this issue includes:

  • The logic in _withdrawFromVault() that updates totalVaultDeposits by deducting the withdrawal amount without considering potential loss due to rounding.

  • Curve’s withdraw function and its internal _redeem process, which can cause asset losses when the share price is not a divisor of the withdrawal amount.

Impact

This vulnerability leads to inaccurate tracking of totalVaultDeposits/reserve.totalLiquidity and to loss of funds (due to losses when withdrawing from the vault). This in turn results in reverts when trying to withdraw assets that no longer belong to LendingPool.

Tools Used

Manual code review

Recommended Mitigation

To mitigate this issue, consider the following changes:

  • Add Share Price Validation: Introduce additional checks before calling the withdraw function to ensure that the withdrawal amount is compatible with the share price, or adjust the requested withdrawal amount to prevent rounding issues.

  • Implement Loss Handling: Modify the _withdrawFromVault() function to account for potential losses during the withdrawal process, ensuring that any loss due to rounding does not impact the protocol's logic or cause reverts.
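The accounting drift and the loss-handling mitigation, as an added Python model that is not the protocol's or Curve's code. ShareVault is a simplified stand-in for a share-based vault that burns shares rounded up on withdraw, Pool is a hypothetical stand-in for LendingPool's totalVaultDeposits bookkeeping, and all numbers are constructed.

```python
class ShareVault:
    """Simplified share-accounting vault (constructed model, not Curve's code)."""

    def __init__(self, total_assets, total_shares):
        self.total_assets, self.total_shares = total_assets, total_shares
        self.shares = {}

    def deposit(self, who, assets):
        minted = assets * self.total_shares // self.total_assets  # rounds down
        self.total_assets += assets
        self.total_shares += minted
        self.shares[who] = self.shares.get(who, 0) + minted

    def max_withdraw(self, who):
        return self.shares.get(who, 0) * self.total_assets // self.total_shares

    def withdraw(self, who, assets):
        burned = -(-assets * self.total_shares // self.total_assets)  # rounds up
        if burned > self.shares.get(who, 0):
            raise ValueError("insufficient shares")  # models the on-chain revert
        self.shares[who] -= burned
        self.total_shares -= burned
        self.total_assets -= assets


class Pool:
    """Hypothetical stand-in for LendingPool's vault bookkeeping."""

    def __init__(self, vault, loss_aware):
        self.vault, self.loss_aware, self.total_vault_deposits = vault, loss_aware, 0

    def deposit_into_vault(self, amount):
        self.vault.deposit("pool", amount)
        self.total_vault_deposits += amount

    def withdraw_from_vault(self, amount):
        if self.loss_aware:  # cap the request at what the pool's shares can redeem
            amount = min(amount, self.vault.max_withdraw("pool"))
        self.vault.withdraw("pool", amount)
        self.total_vault_deposits -= amount
        if self.loss_aware:  # write off rounding loss instead of carrying it
            self.total_vault_deposits = min(self.total_vault_deposits,
                                            self.vault.max_withdraw("pool"))
        return amount


def scenario(loss_aware):
    pool = Pool(ShareVault(3000, 2000), loss_aware)  # other holders, price 1.5
    pool.deposit_into_vault(1500)   # mints exactly 1000 shares
    pool.withdraw_from_vault(100)   # burns ceil(66.67) = 67 shares
    tracked, redeemable = pool.total_vault_deposits, pool.vault.max_withdraw("pool")
    try:
        return tracked, redeemable, pool.withdraw_from_vault(tracked)
    except ValueError:
        return tracked, redeemable, "revert"
```

scenario(False) shows the tracked balance exceeding what the remaining shares can redeem after a single misaligned withdrawal, so withdrawing the tracked amount reverts; scenario(True) caps the request and resynchronises the tracked balance.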

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::totalVaultDeposits can underflow when withdrawing yield-inclusive amounts and vault yield isn't factored into interest rate calculations
