The functions in the LendgineRouter and LiquidityManager contracts always use the to address, instead of msg.sender, as the tracked owner of funds.
The contract requires the following steps for minting in LendgineRouter:
Deposit collateral into LendgineRouter.
Call the burn function on the Pair contract, which will do the following:
Transfer token0 to LendgineRouter.
Transfer token1 to LendgineRouter.
Mint PowerTokens for the user in an equivalent number of shares.
Execute the safeTransfer function to transfer both tokens into the Pair contract .
Call the pairMintCallback function in LendgineRouter, which will do the following:
Swap token1 for token0.
Transfer token1 to the Lendgine contract.
Transfer collateral to Lendgine.
The flow of tokens above is hard to follow, is error-prone, and can lead to issues in accounting or to token transfer mistakes.
Actions Items:
Consider implementations that allow peripheral contracts to deposit on behalf of users, thus simplifying a transfer from a user’s account directly into the Lendgine contract.
Issue applies to all other functions in the LendgineRouter and LiquidityManager contracts as well.
Description:
The functions in the
LendgineRouter
andLiquidityManager
contracts always use the to address, instead ofmsg.sender
, as the tracked owner of funds.The contract requires the following steps for minting in LendgineRouter:
The flow of tokens above is hard to follow, is error-prone, and can lead to issues in accounting or to token transfer mistakes.
Actions Items:
LendgineRouter
andLiquidityManager
contracts as well.