The pool uses the LOAN_TOKEN.balanceOf(address(this)) to get the balance of LOAN_TOKENS on the pool. But the Loan tokens are supposed to be deposited or withdrawn from the pool. But Loan Token is an external token, then there is other means of depositing tokens on the pool, like simple calling transfer on the external token itself pointing the to address to the pool. The balance then will decrease the amount of user shares on the pool.
Vulnerability Detail
1 - one user transfer external Loan Tokens to the pool.
2 - when another user calls deposit of withdraw the amount of _shares will be decreased.
Impact
Wrong computation of _shares due to misleading balance of Loan Tokens.
Keeping track of the balance of Loan Tokens of the pool by using an state variable, i.e.: uint256 externalTokenBalance; and increases the balance on deposit and decrease the balance on withdrawals.
gryphon
medium
Risk of market prices manipulation
Summary
The pool uses the
LOAN_TOKEN.balanceOf(address(this))to get the balance ofLOAN_TOKENSon the pool. But the Loan tokens are supposed to be deposited or withdrawn from the pool. But Loan Token is an external token, then there is other means of depositing tokens on the pool, like simple calling transfer on the external token itself pointing thetoaddress to the pool. The balance then will decrease the amount of user shares on the pool.Vulnerability Detail
1 - one user transfer external Loan Tokens to the pool. 2 - when another user calls
depositofwithdrawthe amount of_shareswill be decreased.Impact
Wrong computation of
_sharesdue to misleading balance of Loan Tokens.Code Snippet
Pool.sol#L348
Pool.sol#L307
Tool used
Manual Review
Recommendation
Keeping track of the balance of Loan Tokens of the pool by using an state variable, i.e.:
uint256 externalTokenBalance;and increases the balance on deposit and decrease the balance on withdrawals.Duplicate of #125