Closed github-actions[bot] closed 1 year ago
Aave calls only return the number of tokens after because of two scenarios. If you call it with uint256.max it will withdraw/repay the max amount. Or if you call it trying to repay too much debt, it will only take enough to repay your debt. Otherwise it will either revert or give/take the exact number of tokens. Neither of these deviating circumstances is applicable in this contract.
zimu
medium
Unchecked return value of external AAVE call of IPool interface
Summary
Unchecked return value of external AAVE call of IPool interface in some functions of DnGmxJuniorVaultManager.sol. It is dangerous when a pool is working abnormally, i.e., liquidity drained, anomalous price fluctuation.
Vulnerability Detail
In functions _executeRepay and _executeWithdraw of DnGmxJuniorVaultManager.sol, state.pool.repay(token, amount, VARIABLE_INTEREST_MODE, address(this)) and state.pool.withdraw(token, amount, receiver) are called without checking their return values. According to the specification of aave\core-v3\contracts\interfaces\IPool.sol, repay and withdraw return the final amount. When repay and withdraw return zero or an abnormal amount without calling revert, the funds would be lost.
Impact
Leaving the return value of the external call to the pool unchecked will cause losses under abnormal circumstances.
Code Snippet
https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/libraries/DnGmxJuniorVaultManager.sol#L828-L834
https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/libraries/DnGmxJuniorVaultManager.sol#L853-L860
Tool used
Manual Review
Recommendation
Check the return value and implement some handling.
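One way to apply this recommendation, as an added example that is not code from the Rage Trade repository: a hypothetical CheckedPoolCalls library (assumed name) that compares the amount Aave reports against the amount requested and reverts on a mismatch. The IPool signatures are the real Aave v3 ones; the library, error and wrapper function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Minimal subset of Aave v3's IPool; full signatures live in
// aave/core-v3/contracts/interfaces/IPool.sol.
interface IPool {
    function repay(address asset, uint256 amount, uint256 interestRateMode, address onBehalfOf)
        external returns (uint256);
    function withdraw(address asset, uint256 amount, address to) external returns (uint256);
}

// Hypothetical wrapper library (not DnGmxJuniorVaultManager itself) showing the
// unchecked pattern next to a checked one.
library CheckedPoolCalls {
    // Aave's variable-rate interest mode (DataTypes.InterestRateMode.VARIABLE == 2).
    uint256 internal constant VARIABLE_INTEREST_MODE = 2;

    error PoolAmountMismatch(uint256 requested, uint256 actual);

    // Before: the amount the pool actually took is silently dropped.
    function repayUnchecked(IPool pool, address token, uint256 amount) internal {
        pool.repay(token, amount, VARIABLE_INTEREST_MODE, address(this));
    }

    // After: the reported amount is compared with the request.
    // Aave returns less than `amount` only when `amount` is type(uint256).max
    // (repay everything) or exceeds the outstanding debt. A vault that never
    // relies on either case can treat any shortfall as an error and revert,
    // so no accounting is updated on the basis of tokens that never moved.
    function repayChecked(IPool pool, address token, uint256 amount)
        internal returns (uint256 repaid)
    {
        repaid = pool.repay(token, amount, VARIABLE_INTEREST_MODE, address(this));
        if (repaid != amount) revert PoolAmountMismatch(amount, repaid);
    }

    // Same check for withdraw: the pool reports how much it actually sent.
    function withdrawChecked(IPool pool, address token, uint256 amount, address receiver)
        internal returns (uint256 withdrawn)
    {
        withdrawn = pool.withdraw(token, amount, receiver);
        if (withdrawn != amount) revert PoolAmountMismatch(amount, withdrawn);
    }
}
```

Where a caller intentionally passes type(uint256).max, it should instead carry the returned amount forward into its own bookkeeping rather than require equality.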