protection seller can withdraw funds before being locked in case of lending pool deafault
Summary
If a lending pool defaults protection seller can withdraw funds before it being locked .
Vulnerability Detail
protection seller can use assessState view function in ReferenceLendingPool to check if a lending pool is default and withdraw her/his funds immediately before assessStates function in DefaultStateManager update the pool state and lock capitals . or he/s can front-run assessStates in DefaultStateManager to withdraw funds before being locked . It means protection seller can escape from paying to protection buyer in case of lending pool defaulted .
however a user needs to have withdraw request to be able withdraw funds but user can submit a withdraw request in every cycle to have prepared withdraw request in all cycles so he/she can withdraw at anytime before capital in pool being locked and escapes from loss .
Impact
protection seller can escape from paying to protection buyer if lending pool defaults
Consider assessing lending pools states before user can withdraw , you can add a modifier to withdraw function that calls assessStates in DefaultStateManager .
mahdikarimi
high
protection seller can withdraw funds before being locked in case of lending pool deafault
Summary
If a lending pool defaults protection seller can withdraw funds before it being locked .
Vulnerability Detail
protection seller can use assessState view function in ReferenceLendingPool to check if a lending pool is default and withdraw her/his funds immediately before assessStates function in DefaultStateManager update the pool state and lock capitals . or he/s can front-run assessStates in DefaultStateManager to withdraw funds before being locked . It means protection seller can escape from paying to protection buyer in case of lending pool defaulted . however a user needs to have withdraw request to be able withdraw funds but user can submit a withdraw request in every cycle to have prepared withdraw request in all cycles so he/she can withdraw at anytime before capital in pool being locked and escapes from loss .
Impact
protection seller can escape from paying to protection buyer if lending pool defaults
Code Snippet
https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ReferenceLendingPools.sol#L184-L206 https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/DefaultStateManager.sol#L119-L134 https://github.com/sherlock-audit/2023-02-carapace/blob/main/contracts/core/pool/ProtectionPool.sol#L226-L275
Tool used
Manual Review
Recommendation
Consider assessing lending pools states before user can withdraw , you can add a modifier to withdraw function that calls assessStates in DefaultStateManager .
Duplicate of #292