Assessment reports>Voyage>Low findings>The maxWithdraw functionality is broken
Category: Business Logic

The maxWithdraw functionality is broken

Low Severity
Low Impact
High Likelihood

Description

Depositors will be unable to use the intended maxWithdraw functionality in withdraw(...):

uint256 userBalance = vToken.maxWithdraw(msg.sender);
uint256 amountToWithdraw = _amount;
if (_amount == type(uint256).max) {
    amountToWithdraw = userBalance;
}
BorrowState storage borrowState = LibAppStorage.ds()._borrowState[
    _collection
][reserve.currency];
uint256 totalDebt = borrowState.totalDebt + borrowState.totalInterest;
uint256 avgBorrowRate = borrowState.avgBorrowRate;
IVToken(vToken).withdraw(_amount, msg.sender, msg.sender);

Impact

Users will need to make withdraw requests for exact amounts in order to retrieve all of their deposited funds. If the _amount provided in the function call exceeds the available balance, the function will fail with no clear error message. This can create a frustrating and unexpected user experience.

Recommendations

Change

IVToken(vToken).withdraw(_amount, msg.sender, msg.sender);

to

IVToken(vToken).withdraw(amountToWithdraw, msg.sender, msg.sender);

Also, modify the _amount check to the following:

if (_amount == type(uint256).max || _amount > userBalance) {
    amountToWithdraw = userBalance;
}

Remediation

Commits aac23ae9 and 0e00c990 were indicated as containing the remediation. The commits correctly fix the issue by applying the suggested remediations.

Zellic © 2024Back to top ↑