When the LendingPool borrowing rate is too high, _rebalance could revert #629
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-693
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Core/contracts/ActivePool.sol#L239
Vulnerability details
Impact
If the vault is withdrawing from the strategy and the LendingPool doesn't have enough funds available to withdraw, due to excessive borrowing, withdrawals will stop working.
This will make _rebalance revert, which in turn will cause:
Both of those functions are meant to reduce risk to the system, meaning that when they revert, the system may be forced into bad debt, as liquidators and redeemers will be unable to perform their function.
See this quote:
From this article
Additional Note
I sent a High exploiting this:
Denial of liquidations and Redemptions by overborrowing
Consider keeping them separate as the "exploit vs no exploit findings"
Remediation
Allowing withdrawals to draw from whatever capital is available can offer partial relief.
However, if the capital to withdraw is high enough, the system will eventually start reverting, as you cannot assume that the pool can be withdrawn from at all times.
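The failure mode and the two Remediation sentences above, as a toy Python model added here (not code from the Ethos contracts or from the original report). It assumes a pool that keeps a fixed percentage of collateral in the strategy and rebalances before every collateral payout; `LendingPool`, `send_collateral` and all numbers are constructed for illustration.

```python
class Revert(Exception):
    """Stands in for an EVM revert (state changes are rolled back)."""


class LendingPool:
    """Hypothetical lending market the strategy deposits into."""

    def __init__(self, deposits, borrowed):
        self.deposits = deposits
        self.borrowed = borrowed

    @property
    def available(self):
        # Liquidity that can actually leave the pool right now.
        return self.deposits - self.borrowed

    def withdraw(self, amount):
        if amount > self.available:
            raise Revert("insufficient liquidity in lending pool")
        self.deposits -= amount


def send_collateral(idle, farmed, amount, pool, target_pct, cap_to_available):
    """Rebalance toward target_pct farmed, then pay out `amount`
    (a liquidation or redemption). Returns (status, idle, farmed)."""
    try:
        # Assumed rebalance rule: keep target_pct of remaining collateral farmed.
        target = (idle + farmed - amount) * target_pct // 100
        pull = max(0, farmed - target)
        if cap_to_available:
            # Remediation: only draw what the pool can give right now.
            pull = min(pull, pool.available)
        if idle + pull < amount:
            # Capping cannot help once the payout exceeds reachable capital.
            raise Revert("not enough collateral on hand")
        if pull:
            pool.withdraw(pull)  # reverts when pull > pool.available
        return "ok", idle + pull - amount, farmed - pull
    except Revert as exc:
        return f"revert: {exc}", idle, farmed
```

With a fully borrowed pool, the uncapped path reverts on a payout that idle collateral alone could cover, while the capped path succeeds; a payout larger than idle plus available liquidity reverts either way.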