Open c4-bot-2 opened 6 months ago
0xEVom marked the issue as primary issue
0xEVom marked the issue as sufficient quality report
kalinbas (sponsor) confirmed
jhsagd76 marked the issue as satisfactory
jhsagd76 marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L906-L908
Vulnerability details
Issue Description
The _deposit function is invoked in both the deposit and mint functions when a user wants to lend assets. This function is intended to ensure that the total amount of assets lent does not exceed the protocol limit globalLendLimit.

In the provided code snippet, the _deposit function checks totalSupply() against the globalLendLimit limit. However, totalSupply() represents the lenders' share amount and does not represent the actual asset amount lent. It must first be converted to assets using the _convertToAssets function.

This mistake is evident because in the maxDeposit function the correct check is implemented.

Because the _deposit function performs the wrong check, it will allow more assets to be lent in the protocol than the limit permits. This is due to the fact that the lending exchange rate lastLendExchangeRateX96 will be greater than 1 (due to interest accrual), and so we will always have totalSupply() < _convertToAssets(totalSupply(), lendExchangeRateX96, Math.Rounding.Up). (The only case in which this might not hold is when there is significant bad debt after liquidation, which would not occur under normal circumstances.)

Impact
Incorrect global lending limit checking in the _deposit function will result in more assets being lent than allowed by the protocol.

Tools Used
Manual review, VS Code
Recommended Mitigation
To address this issue, the totalSupply() must be converted to an asset amount before checking it against globalLendLimit, as is done in the maxDeposit function.

Assessed type
Error
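As an added illustration (not part of the original report or of the Revert Lend code), the following Python model of the share/asset accounting shows why comparing totalSupply() directly against globalLendLimit lets the vault accept more assets than the limit once the exchange rate exceeds 1, and how the mitigated check (converting shares to assets first, as maxDeposit does) stops the overshoot. The Q96 fixed-point encoding of the rate, the conversion helpers, the rounding conventions and the scenario figures are all assumptions made for the model.

```python
# Constructed model of a lending vault's global-limit check. This is NOT the
# V3Vault code; the Q96 encoding and conversion helpers are assumptions that
# mirror the X96 / Math.Rounding.Up names used in the report.
Q96 = 2 ** 96


def convert_to_shares(assets: int, rate_x96: int) -> int:
    """Assets -> shares, rounding down (assumed convention for deposits)."""
    return assets * Q96 // rate_x96


def convert_to_assets(shares: int, rate_x96: int) -> int:
    """Shares -> assets, rounding up (stands in for Math.Rounding.Up)."""
    return (shares * rate_x96 + Q96 - 1) // Q96


class LendVaultModel:
    """Minimal vault: tracks total share supply and enforces a global lend limit."""

    def __init__(self, global_lend_limit: int, rate_x96: int, check_in_assets: bool):
        self.global_lend_limit = global_lend_limit   # expressed in asset units
        self.rate_x96 = rate_x96                     # lend exchange rate, Q96
        self.check_in_assets = check_in_assets       # False = buggy check, True = fixed
        self.total_supply = 0                        # lender shares outstanding

    def total_assets_lent(self) -> int:
        return convert_to_assets(self.total_supply, self.rate_x96)

    def deposit(self, assets: int) -> int:
        shares = convert_to_shares(assets, self.rate_x96)
        new_supply = self.total_supply + shares
        if self.check_in_assets:
            # Mitigated check: compare the asset value of all shares to the limit.
            measured = convert_to_assets(new_supply, self.rate_x96)
        else:
            # Buggy check: compares raw share count (totalSupply()) to an asset limit.
            measured = new_supply
        if measured > self.global_lend_limit:
            raise ValueError("GlobalLendLimit exceeded")
        self.total_supply = new_supply
        return shares


def run_scenario(check_in_assets: bool):
    """Deposit 1,000,000 then 200,000 assets at a 1.25 exchange rate against a
    1,000,000-asset limit. Returns (assets actually lent, accepted deposits)."""
    rate_x96 = 5 * Q96 // 4          # exchange rate 1.25 (> 1 after interest accrual)
    vault = LendVaultModel(global_lend_limit=1_000_000, rate_x96=rate_x96,
                           check_in_assets=check_in_assets)
    accepted = []
    for amount in (1_000_000, 200_000):
        try:
            vault.deposit(amount)
            accepted.append(amount)
        except ValueError:
            pass
    return vault.total_assets_lent(), accepted


if __name__ == "__main__":
    print("buggy check :", run_scenario(check_in_assets=False))
    print("fixed check :", run_scenario(check_in_assets=True))
```

With the share-based check, the first deposit mints 800,000 shares and the second 160,000, so 960,000 shares pass the 1,000,000 comparison even though they are worth 1,200,000 assets; the asset-based check rejects the second deposit and the vault stays at exactly the limit.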