sherlock-audit / 2024-04-teller-finance-judging

0xrobsol - Inconsistency in Tracking Total Principal Tokens Lent and Repaid #248

Closed sherlock-admin2 closed 4 months ago

sherlock-admin2 commented 4 months ago

0xrobsol

high

Inconsistency in Tracking Total Principal Tokens Lent and Repaid

Summary

An inconsistency has been identified in the smart contract regarding the tracking of total principal tokens lent and repaid. Specifically, the repayLoanCallback function does not appropriately update the totalPrincipalTokensLended variable, potentially leading to inaccuracies in accounting for lent and repaid tokens.

Vulnerability Detail

The repayLoanCallback function currently updates the totalPrincipalTokensRepaid variable to reflect the amount repaid by the borrower. However, it neglects to adjust the totalPrincipalTokensLended variable to reflect the decrease in the total amount of principal tokens lent out. This oversight could result in discrepancies between the total amount lent and the total amount repaid, leading to inaccurate accounting.

Impact

The failure to adjust the totalPrincipalTokensLended variable when a loan is repaid may have several adverse effects:

Code Snippet

https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L700

Tool used

Manual Review

Recommendation

To address this issue and ensure accurate tracking of total principal tokens lent and repaid, the following steps are recommended:

nevillehuang commented 3 months ago

Invalid, getTotalPrincipalTokensOutstandingInActiveLoans already subtracts totalPrincipalTokensRepaid from totalPrincipalTokensLended, so an update is not required
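
Added example, not part of the issue thread or the Teller code: a Python toy ledger that models only the two counters and the subtraction named in the comment above, and replays a constructed loan sequence to compare the accounting as described with the change the report proposed. The class, the `decrement_lent_on_repay` switch, the ground-truth map and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class GroupLedger:
    """Toy model of the counters named in the thread (not the Teller contract)."""
    decrement_lent_on_repay: bool = False  # True = the change the report proposed
    total_principal_tokens_lended: int = 0
    total_principal_tokens_repaid: int = 0
    # Hypothetical ground truth: loan id -> principal still unpaid.
    open_principal: dict = field(default_factory=dict)

    def lend(self, loan_id, amount):
        self.total_principal_tokens_lended += amount
        self.open_principal[loan_id] = self.open_principal.get(loan_id, 0) + amount

    def repay_loan_callback(self, loan_id, principal_amount):
        if principal_amount > self.open_principal.get(loan_id, 0):
            raise ValueError("repayment exceeds unpaid principal")
        self.total_principal_tokens_repaid += principal_amount
        if self.decrement_lent_on_repay:
            self.total_principal_tokens_lended -= principal_amount
        self.open_principal[loan_id] -= principal_amount

    def outstanding_in_active_loans(self):
        # The subtraction described in the judge's comment.
        return self.total_principal_tokens_lended - self.total_principal_tokens_repaid

    def ground_truth(self):
        return sum(self.open_principal.values())


def replay(events, decrement_lent_on_repay):
    """Return, after each event, reported outstanding minus true unpaid principal."""
    ledger = GroupLedger(decrement_lent_on_repay=decrement_lent_on_repay)
    drift = []
    for kind, loan_id, amount in events:
        if kind == "lend":
            ledger.lend(loan_id, amount)
        else:
            ledger.repay_loan_callback(loan_id, amount)
        drift.append(ledger.outstanding_in_active_loans() - ledger.ground_truth())
    return drift


# Constructed sample sequence: (event, loan id, principal amount).
EVENTS = [("lend", 1, 1000), ("lend", 2, 500),
          ("repay", 1, 400), ("repay", 2, 500), ("repay", 1, 600)]

if __name__ == "__main__":
    print("as described :", replay(EVENTS, False))
    print("with decrement:", replay(EVENTS, True))
```

With the accounting as described the drift stays at zero after every event; with the extra decrement each repayment is counted twice and the reported outstanding amount falls below the true unpaid principal.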