search

sherlock-audit / 2023-02-carapace-judging

2 stars 0 forks source link

rvierdiiev - Repaid lending pool should distribute premium to protection sellers #250

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

rvierdiiev

medium

Repaid lending pool should distribute premium to protection sellers

Summary

Repaid lending pool should distribute premium to protection sellers

Vulnerability Detail

Lending pool can become expired which can mean that _creditLine.termEndTime() has passed or _creditLine.balance() == 0 which means that lending pool debt is repaid. https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/adapters/GoldfinchAdapter.sol#L62-L77

  function isLendingPoolExpired(address _lendingPoolAddress)
    external
    view
    override
    returns (bool)
  {
    ICreditLine _creditLine = _getCreditLine(_lendingPoolAddress);
    uint256 _termEndTimestamp = _creditLine.termEndTime();

    /// Repaid logic derived from Goldfinch frontend code:
    /// https://github.com/goldfinch-eng/mono/blob/bd9adae6fbd810d1ebb5f7ef22df5bb6f1eaee3b/packages/client2/lib/pools/index.ts#L54
    /// when the credit line has zero balance with valid term end, it is considered repaid
    return
      block.timestamp >= _termEndTimestamp ||
      (_termEndTimestamp > 0 && _creditLine.balance() == 0);
  }

In case if pool is expired that means that protection has finished for protection buyers of that lending pool. It's possible that borrower will repay lending pool earlier than end timestamp, in this case premium for that lending pool should be distributed to the protection sellers. Currently nothing will happen and protection sellers will wait until end of each protection for that lending pool.

Impact

Protection sellers do not receive payment for protection, once protection is over.

Code Snippet

https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/adapters/GoldfinchAdapter.sol#L62-L77 https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/DefaultStateManager.sol#L365-L370 https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L279-L354

Tool used

Manual Review

Recommendation

Once lending pool is repaid, then pay all remaining premium to the protection sellers.

vnadoda commented 1 year ago

@clems4ev3r We think this will be mitigated by daily premium accrual. We are planning to do the following fix in an upcoming version: Once the lending pool is expired/repaid, all premiums from that pool should accrue right away.

clems4ev3r commented 1 year ago

@vnadoda, agreed this is a valid issue, not sure about medium impact since it's only a delay of rewards

vnadoda commented 1 year ago

@clems4ev3r this should be low priority issue, which we will fix in upcoming version. @hrishibhat can we close this?

hrishibhat commented 1 year ago

Agreed, considering this issue as low