Skip to content

Latest commit

 

History

History
111 lines (86 loc) · 4.74 KB

051.md

File metadata and controls

111 lines (86 loc) · 4.74 KB

Daring Mustard Crab

High

Accounting Errors in whitelistWithdraw and whitelistDeposit Functions

Summary

The whitelistWithdraw and whitelistDeposit functions contain accounting mistakes that can lead to incorrect tracking of vault balances, which may cause over-withdrawals, misreported deposits, or incorrect utilization values.

Severity: High Impact: High Likelihood: High

Affected Lines of Code

https://github.com/sherlock-audit/2025-01-peapods-finance/blob/main/contracts/contracts/LendingAssetVault.sol#L230-L241

https://github.com/sherlock-audit/2025-01-peapods-finance/blob/main/contracts/contracts/LendingAssetVault.sol#L246-L254

whitelistWithdraw function:

vaultDeposits[_vault] += _assetAmt;
vaultUtilization[_vault] += _assetAmt;
_totalAssetsUtilized += _assetAmt;

whitelistDeposit function:

vaultDeposits[_vault] -= _assetAmt > vaultDeposits[_vault] ? vaultDeposits[_vault] : _assetAmt;
vaultUtilization[_vault] -= _assetAmt;
_totalAssetsUtilized -= _assetAmt;

Description of Issue

The whitelistWithdraw and whitelistDeposit functions contain accounting errors that could result in incorrect tracking of vault balances, potentially causing over-withdrawals, incorrect deposit amounts, and inaccurate utilization values.

Issues Identified:

  1. whitelistWithdraw:

When assets are withdrawn, the deposit balance and utilization are both incorrectly increased. There is no check to ensure the vault has sufficient assets for withdrawal, leading to the risk of over-withdrawals.

  1. whitelistDeposit:

Faulty logic in the subtraction of the deposit balance, leading to incorrect deposit values. The vault's utilization and total assets utilized are incorrectly decreased when assets are deposited, which misrepresents the vault's actual asset usage.

Impacts

  • Incorrect Balances: Misreported deposits and utilization can lead to vault imbalances.
  • Financial Risk: Over-withdrawals or misreported deposits can disrupt vault functionality and affect liquidity.
  • System Integrity: The errors could propagate through other parts of the system, leading to further failures.

Likelihood Explanation

  • High Likelihood: These errors can easily occur during normal operations, especially with frequent deposits and withdrawals. If triggered, they will propagate throughout the system, causing further issues.

Recommendation:

  1. Fix whitelistWithdraw:
  • Decrease the deposit balance when withdrawing.
  • Increase utilization since the assets are being used.
  • Add validation to ensure the vault has enough assets for the withdrawal.
vaultDeposits[_vault] -= _assetAmt; // Decrease deposits when withdrawing
vaultUtilization[_vault] += _assetAmt; // Increase utilization since assets are being used
_totalAssetsUtilized += _assetAmt; // Increase total assets utilized
  1. Fix whitelistDeposit:
  • Increase the deposit balance when assets are deposited.
  • Decrease utilization to reflect the return of assets.
  • Update the total assets utilized correctly.
vaultDeposits[_vault] += _assetAmt; // Increase deposits when vault returns assets
vaultUtilization[_vault] -= _assetAmt; // Decrease utilization since assets are returned
_totalAssetsUtilized -= _assetAmt; // Decrease total assets utilized

Final Correct Code

whitelistWithdraw (Decrease vaultDeposits, Increase Utilization)

function whitelistWithdraw(uint256 _assetAmt) external override onlyWhitelist {
    address _vault = _msgSender();
    _updateAssetMetadataFromVault(_vault);

    require(totalAvailableAssetsForVault(_vault) >= _assetAmt, "MAX");

    vaultDeposits[_vault] -= _assetAmt; // ✅ Decrease deposits when withdrawing
    vaultUtilization[_vault] += _assetAmt; // ✅ Increase utilization since assets are being used
    _totalAssetsUtilized += _assetAmt; // ✅ Increase total assets utilized

    IERC20(_asset).safeTransfer(_vault, _assetAmt);
    emit WhitelistWithdraw(_vault, _assetAmt);
}

whitelistDeposit (Increase vaultDeposits, Decrease Utilization)

function whitelistDeposit(uint256 _assetAmt) external override onlyWhitelist {
    address _vault = _msgSender();
    _updateAssetMetadataFromVault(_vault);

    vaultDeposits[_vault] += _assetAmt; // ✅ Increase deposits when vault returns assets
    vaultUtilization[_vault] -= _assetAmt; // ✅ Decrease utilization since assets are returned
    _totalAssetsUtilized -= _assetAmt; // ✅ Decrease total assets utilized

    IERC20(_asset).safeTransferFrom(_vault, address(this), _assetAmt);
    emit WhitelistDeposit(_vault, _assetAmt);
}

Final Confirmation:

Withdraw → Decrease deposits, Increase utilization ✅ Deposit → Increase deposits, Decrease utilization