Target idle amount is incorrect in validateOffer flow, which can result in insufficient liquid asset in pool

[c4-bot-10]

Lines of code

https://github.com/code-423n4/2024-04-gondi/blob/b9863d73c08fcdd2337dc80a8b5e0917e18b036c/src/lib/pools/Pool.sol#L411

Vulnerability details

Impact

Target idle amount is incorrect in validateOffer() flow, which can result in insufficient liquid asset in pool

Proof of Concept

In Pool:validateOffer, reallocating undeployed assets from BaseInterestAllocator to the pool is required if the pool doesn't have enough asset balance.

However, the target idle amount input for the reallocate call is incorrect. The reallocate will transfer the delta of current idle and target idle, which means target idle should be input as the desired amount of liquid assets in the pool. Current implementation input principalAmount - currentBalance, but it should be principalAmount.

//src/lib/pools/Pool.sol
    function validateOffer(bytes calldata _offer, uint256 _protocolFee) external override onlyAcceptedCallers {
...
        } else if (principalAmount > currentBalance) {
//@audit principalAmount - currentBalance -> principalAmount
            IBaseInterestAllocator(getBaseInterestAllocator).reallocate(
|>                currentBalance, principalAmount - currentBalance, true
            );
        }
...

(https://github.com/code-423n4/2024-04-gondi/blob/b9863d73c08fcdd2337dc80a8b5e0917e18b036c/src/lib/pools/Pool.sol#L411)

When the pool needs more liquid asset, this may transfer liquid asset out of the pool, resulting in insufficient pool balance.

Tools Used

Manual

Recommended Mitigation Steps

Change to correct target idle amount

Assessed type

Error

[c4-judge]

0xA5DF marked the issue as duplicate of #63

[c4-judge]

0xA5DF changed the severity to 2 (Med Risk)

[c4-judge]

0xA5DF marked the issue as satisfactory