Possibly not all synths can be withdrawn

[code423n4]

Handle

cmichel

Vulnerability details

The LongShort._handleTotalPaymentTokenValueChangeForMarketWithYieldManager function assumes that the YieldManager indeed withdraws all of the desired payment tokens, but it could be that they are currently lent out at Aave.

// NB there will be issues here if not enough liquidity exists to withdraw
// Boolean should be returned from yield manager and think how to appropriately handle this
IYieldManager(yieldManagers[marketIndex]).removePaymentTokenFromMarket(
  uint256(-totalPaymentTokenValueChangeForMarket)
);

Trying to withdraw these tokens will then fail.

Recommended Mitigation Steps

Boolean should be returned from yield manager and think how to appropriately handle this 😁

[JasoonS]

That happens on the user level, they can just try again later (our UI will give a good message).

It was designed like this.

[0xean]

based on the incorrect comment in the code I am going to leave as a 1 (per - https://docs.code4rena.com/roles/wardens/judging-criteria#estimating-risk-tl-dr)

but it does look like the system is designed to handle this scenario regardless of the boolean returned (or not being returned)