
wethLefts cannot be used #28

@c4-bot-8

Description

Lines of code

https://github.com/code-423n4/2024-05-bakerfi/blob/59b1f70cbf170871f9604e73e7fe70b70981ab43/contracts/core/strategies/StrategyLeverage.sol#L565

Vulnerability details

Impact

WETH cannot be used, resulting in a loss of funds

Proof of Concept

The _payDebt function may end up with extra WETH after repaying the debt. This leftover WETH (wethLefts) is supplied to AAVE through _supply, with the intent of using it as collateral.

    function _payDebt(uint256 debtAmount, uint256 fee) internal {
        .....
        uint256 wethLefts = output > (debtAmount + fee) ? output - (debtAmount + fee) : 0;
        if (wethLefts > 0) {
            _supply(wETHA(), wethLefts);
        }
        emit StrategyUndeploy(msg.sender, debtAmount);
    }

The problem is StrategyAAVEv3 doesn't use WETH as collateral.

    //_supplyAndBorrow(ierc20A(), collateralIn, wETHA(), loanAmount + fee);
    function _supplyAndBorrow(address assetIn, uint256 amountIn, address assetOut, uint256 borrowOut
    ) internal override virtual {
        _supply(assetIn, amountIn);
        //@audit assetIn is always ierc20A
        aaveV3().setUserUseReserveAsCollateral(assetIn, true);
        aaveV3().borrow(assetOut, borrowOut, 2, 0, address(this));
    }

Only ierc20A is ever flagged as collateral, so the supplied wethLefts cannot be used.

The collateralBalance obtained by _getMMPosition also does not include wETH:

    function _getMMPosition() internal virtual override view returns ( uint256 collateralBalance, uint256 debtBalance ) {
        DataTypes.ReserveData memory wethReserve = (aaveV3().getReserveData(wETHA()));
        DataTypes.ReserveData memory colleteralReserve = (aaveV3().getReserveData(ierc20A()));
        debtBalance = IERC20(wethReserve.variableDebtTokenAddress).balanceOf(address(this));
@>      collateralBalance = IERC20(colleteralReserve.aTokenAddress).balanceOf(address(this));
    }

Tools Used

vscode, manual

Recommended Mitigation Steps

Convert the leftover WETH to ierc20A and then call _supply with the converted amount.
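The accounting gap described in the proof of concept, and the effect of the recommended mitigation, as an added model that is not BakerFi or Aave code. It reduces the pieces the finding touches to a toy pool (per-asset aToken balances plus a per-asset "use as collateral" flag), a strategy whose _payDebt supplies leftover WETH, and a _getMMPosition that reads only the ierc20A aToken balance. The asset names, amounts and swap rate are constructed for the example.

```python
"""Toy model of the leftover-WETH accounting gap (added illustration, not project code)."""

from dataclasses import dataclass, field

WETH = "WETH"          # stands in for wETHA()
COLLATERAL = "wstETH"  # stands in for ierc20A(); the concrete asset name is an assumption


@dataclass
class ToyPool:
    """Minimal Aave-like pool: aToken balances and collateral flags per asset."""
    atoken: dict = field(default_factory=dict)
    use_as_collateral: dict = field(default_factory=dict)

    def supply(self, asset: str, amount: int) -> None:
        self.atoken[asset] = self.atoken.get(asset, 0) + amount

    def set_user_use_reserve_as_collateral(self, asset: str, flag: bool) -> None:
        self.use_as_collateral[asset] = flag

    def collateral_counted_by_pool(self) -> int:
        """What the pool itself would count toward the position's collateral."""
        return sum(amount for asset, amount in self.atoken.items()
                   if self.use_as_collateral.get(asset, False))


@dataclass
class ToyStrategy:
    pool: ToyPool
    # constructed swap rate: 1 WETH -> 0.95 COLLATERAL, in basis points
    swap_rate_bps: int = 9500

    def supply_and_borrow(self, amount_in: int) -> None:
        """Mirrors _supplyAndBorrow: only ierc20A is ever flagged as collateral."""
        self.pool.supply(COLLATERAL, amount_in)
        self.pool.set_user_use_reserve_as_collateral(COLLATERAL, True)

    def pay_debt_vulnerable(self, output: int, debt_amount: int, fee: int) -> int:
        """Leftover WETH is supplied as-is, as in the quoted _payDebt."""
        weth_lefts = output - (debt_amount + fee) if output > debt_amount + fee else 0
        if weth_lefts > 0:
            self.pool.supply(WETH, weth_lefts)   # never flagged as collateral
        return weth_lefts

    def pay_debt_mitigated(self, output: int, debt_amount: int, fee: int) -> int:
        """Leftover WETH is converted to ierc20A first, then supplied (recommended fix)."""
        weth_lefts = output - (debt_amount + fee) if output > debt_amount + fee else 0
        if weth_lefts > 0:
            converted = weth_lefts * self.swap_rate_bps // 10_000
            self.pool.supply(COLLATERAL, converted)  # lands in the flagged reserve
            return converted
        return 0

    def get_mm_position(self) -> int:
        """Mirrors _getMMPosition: only the ierc20A aToken balance is reported."""
        return self.pool.atoken.get(COLLATERAL, 0)


def run_scenario(mitigated: bool) -> dict:
    """Deploy 100 units of collateral, then repay debt with 10 units of WETH left over."""
    pool = ToyPool()
    strat = ToyStrategy(pool)
    strat.supply_and_borrow(100)
    if mitigated:
        leftover = strat.pay_debt_mitigated(output=60, debt_amount=45, fee=5)
    else:
        leftover = strat.pay_debt_vulnerable(output=60, debt_amount=45, fee=5)
    return {
        "leftover": leftover,
        "weth_atokens_held": pool.atoken.get(WETH, 0),
        "reported_collateral": strat.get_mm_position(),
        "pool_counted_collateral": pool.collateral_counted_by_pool(),
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(mitigated=False))
    print("mitigated: ", run_scenario(mitigated=True))
```

In the vulnerable path the strategy holds 10 WETH aTokens that neither the pool's collateral flag nor _getMMPosition accounts for; in the mitigated path the converted amount is added to the ierc20A reserve and shows up in both.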

Assessed type

Other

Labels

2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
🤖_primary: AI based primary recommendation
bug: Something isn't working
duplicate-41
edited-by-warden
satisfactory: satisfies C4 submission criteria; eligible for awards
