sherlock-audit / 2022-10-rage-trade-judging


zimu - Unchecked return value of external AAVE call of IPool interface #41

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

zimu

medium

Unchecked return value of external AAVE call of IPool interface

Summary

Unchecked return value of external AAVE call of IPool interface in some functions of DnGmxJuniorVaultManager.sol. It is dangerous when a pool is working abnormally, i.e., liquidity is drained or there is anomalous price fluctuation.

Vulnerability Detail

In the functions _executeRepay and _executeWithdraw of DnGmxJuniorVaultManager.sol, state.pool.repay(token, amount, VARIABLE_INTEREST_MODE, address(this)) and state.pool.withdraw(token, amount, receiver) are called without checking their return values.

According to the specification of aave\core-v3\contracts\interfaces\IPool.sol, repay and withdraw return the final amount. When repay and withdraw return zero or an abnormal amount without reverting, the funds would be lost.

Impact

The unchecked return value of the external call to the pool will cause losses under abnormal circumstances.

Code Snippet

https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/libraries/DnGmxJuniorVaultManager.sol#L828-L834

https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/libraries/DnGmxJuniorVaultManager.sol#L853-L860

Tool used

Manual Review

Recommendation

Check the return value and implement handling for it.
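A return-value check of the kind the recommendation asks for, as an added example that is not the Rage Trade code or Aave's own: it wraps the two IPool calls named above in a library and reverts when the reported amount deviates from what was requested. Assumed: the IPool signatures shown and VARIABLE_INTEREST_MODE = 2 (Aave v3's variable rate mode); the "withdraw everything" sentinel type(uint256).max and the truncation of an over-repayment are tolerated deliberately, since those are the two cases in which Aave legitimately returns a different figure.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal subset of Aave v3 IPool: both functions return the final amount.
interface IPool {
    function withdraw(address asset, uint256 amount, address to) external returns (uint256);
    function repay(address asset, uint256 amount, uint256 interestRateMode, address onBehalfOf)
        external
        returns (uint256);
}

// Hypothetical helper library; not part of DnGmxJuniorVaultManager.sol.
library AavePoolGuard {
    // Assumed value: Aave v3 encodes the variable rate mode as 2.
    uint256 internal constant VARIABLE_INTEREST_MODE = 2;

    error UnexpectedWithdrawAmount(uint256 requested, uint256 received);
    error UnexpectedRepayAmount(uint256 requested, uint256 repaid);

    // Withdraw `amount` of `token` and require the pool to report exactly that amount.
    // The only tolerated deviation is the type(uint256).max sentinel ("withdraw all"),
    // where any non-zero amount is acceptable.
    function checkedWithdraw(IPool pool, address token, uint256 amount, address receiver)
        internal
        returns (uint256 received)
    {
        received = pool.withdraw(token, amount, receiver);
        if (amount == type(uint256).max) {
            if (received == 0) revert UnexpectedWithdrawAmount(amount, received);
        } else if (received != amount) {
            revert UnexpectedWithdrawAmount(amount, received);
        }
    }

    // Repay `amount` of `token` debt on behalf of the calling contract. Aave truncates a
    // repayment that exceeds the outstanding debt, so a smaller result is allowed; the caller
    // receives the actual figure so it can reconcile its accounting instead of assuming `amount`.
    // A zero repayment for a non-zero request, or more repaid than requested, is treated as abnormal.
    function checkedRepay(IPool pool, address token, uint256 amount) internal returns (uint256 repaid) {
        repaid = pool.repay(token, amount, VARIABLE_INTEREST_MODE, address(this));
        if (repaid == 0 && amount != 0) revert UnexpectedRepayAmount(amount, repaid);
        if (repaid > amount) revert UnexpectedRepayAmount(amount, repaid);
    }
}
```

A vault would then do its bookkeeping with the returned `received` / `repaid` values rather than with the requested `amount`.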

IAm0x52 commented 1 year ago

Aave calls only return the number of tokens after because of two scenarios. If you call it with uint256.max it will withdraw/repay the max amount. Or if you call it trying to repay too much debt, it will only take enough to repay your debt. Otherwise it will either revert or give/take the exact number of tokens. Neither of which deviating circumstances are applicable in this contract.