Closed c4-bot-1 closed 3 months ago
GalloDaSballo marked the issue as insufficient quality report
Consider scrapping as severely overinflated
This change would actually make it explotiable since you would check before and then allow any withdraw creating bad debt.
Submitted must be disqualified.
trust1995 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/PowerFarms/PendlePowerFarm/PendlePowerManager.sol#L274-L302
Vulnerability details
Description:
Not following CEI. users an withdraw shares before the following check revert
_checkDebtRatio(wiseLendingNFT) == false
inPendlePowerManager::manuallyWithdrawShares
Impact:
This could lead to loss of funds since the user can withdraw funds before the the collateral debt ratio get checked. Users with bad debts can withdraw their funds wich is against the protocol logic.
Tools Used
Manual Review
Proof Of Concept:
Recommended Mitigation Steps:
Check the debt ratio before allowing manual withdrawals
Assessed type
ETH-Transfer