Revertion Risk in `_rebalanceLiquidity()` due to Incorrect Deposit Handling in Curve Vault
Summary
In the LendingPool.sol contract, the internal function _rebalanceLiquidity() may inadvertently trigger a revert in Curve's vault when depositing a small amount of assets. This occurs due to the rounding behavior in Curve's vault deposit function, where the deposit amount can be rounded down to zero, causing the transaction to fail. Additionally, malicious users can manipulate the liquidity buffer to induce this condition, resulting in the failure of normal protocol operations.
Vulnerability Details
The issue arises within the _rebalanceLiquidity() function of LendingPool.sol, which attempts to maintain the desired liquidity ratio by depositing or withdrawing assets from Curve's vault. When there is an excess of liquidity, the protocol calls the _depositIntoVault() function to deposit the excess reserve assets into Curve's vault.
However, Curve's vault uses a rounding mechanism in its deposit function, which can round down the deposit amount to zero if the deposit is small enough. In such cases, the deposit function will revert, as it requires at least 1 share of assets to be deposited, but a rounded-down amount of zero is insufficient.
The vulnerability becomes exploitable if a malicious actor manipulates the reserve asset balance to trigger a condition where the currentBuffer is slightly greater than the desiredBuffer. This can force the contract to call Curve's deposit function with an insufficient amount, causing a revert.
The vulnerability exists in the interaction between the LendingPool.sol contract and Curve's vault, specifically in how the protocol handles small liquidity amounts during rebalancing.
Impact
The impact of this vulnerability is twofold:
Operational Failure: The protocol could experience transaction failures due to the revert when depositing small amounts into Curve's vault. This could disrupt normal liquidity management and affect users' ability to interact with the platform.
Potential Exploitation: A malicious user could exploit this issue by manipulating the liquidity buffer and causing repeated reverts. This could lead to denial of service (DoS) attacks, where the protocol's liquidity management becomes non-functional, affecting all users relying on the platform.
Tools Used
Manual code review
Recommended Mitigation
Input Validation: Ensure that the amount being deposited into Curve’s vault is greater than or equal to the minimum amount required to avoid rounding issues. This can be done by checking if the deposit amount rounds down to zero before proceeding.
Error Handling: Modify the deposit logic to handle the revert condition from Curve’s vault more gracefully. For instance, if the amount to be deposited is less than the minimum share required, the contract could skip the deposit instead of attempting a revert.
By addressing these issues, the protocol can avoid unnecessary reverts and mitigate potential exploits related to small liquidity amounts.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.