This repository has been archived by the owner on May 26, 2023. It is now read-only.
cergyk - User never receive the interest on lending to the protocol #26
Comments
github-actions
bot
added
Duplicate
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
cergyk
high
User never receive the interest on lending to the protocol
Summary
Users may lend on the protocol by depositing into soft/hardVaults, which in turn deposit to compound style tokens.
However the user never receives the rewards for lending on compound.
Vulnerability Detail
When users withdraw from soft-vaults, only the amount the user deposited is refunded:
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L693-L699
wAmount is transferred to the user, which cannot be greater than pos.underlyingAmount, which is the amount of underlying token the user lent to the protocol:
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L644
Impact
Users do not have access to rewards accumulated by lending.
Code Snippet
Tool used
Manual Review
Recommendation
Do not cap based on underlying amount
Duplicate of #109
The text was updated successfully, but these errors were encountered: