Closed sherlock-admin2 closed 2 months ago
Invalid, direct donation is not possible to influence shares exchange rate since pool value used to calculate rate does not include principal token balance for calculations to determine principalTokenValueToWithdraw.
kennedy1030
high
Invalid check in LenderCommitmentGroup_Smart.burnSharesToWithdrawEarnings().
Summary
Without any other interruption, a malicious user can break the LenderCommitmentGroup_Smart by conducting a series of actions: deposit, borrow, liquidate, donation, and withdraw.
Vulnerability Detail
Let's consider the following scenario:
LenderCommitmentGroup_Smart.
_loanDefaultedTimestamp + 86400 + 5000.
LenderCommitmentGroup_Smart.
Finally, the exchange rate will be (100 - 40 - 60) / 1 = 0, leading to breaking the LenderCommitmentGroup_Smart.
After that, if someone deposits, he will receive no share and Bob can take all of that. This problem occurs because there is no balance check in withdrawing.
Impact
Without anyone else's interruption, a malicious user can break the LenderCommitmentGroup_Smart.
Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L307-L322
https://github.com/sherlock-audit/2024-04-teller-finance/blob/main/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L396-L415
Tool used
Manual Review
Recommendation
Deposit and withdrawal should be improved as follows.