[Contracts] LendingPool redeem math uses expect panics with no zero/empty-pool guard, can trap funds

[grantfox-oss]

Telegram (ask questions / claim the issue here first): https://t.me/+DOylgFv1jyJlNzM0

Why this matters

In lending_pool/src/lib.rs, redeem_shares calls calc_assets_to_redeem(shares, total_assets, cur_total_shares) which does shares.checked_mul(total_assets).and_then(checked_div(cur_total_shares)).expect("share redeem overflow"). If cur_total_shares is inconsistent with a holding, or total_assets is 0 after loans drain the pool, redemption either panics with a non-typed expect or returns 0 and reverts with InvalidAmount, trapping funds. The provider-share vs total-share invariant is never asserted.

Acceptance criteria

• Guard calc_assets_to_redeem against cur_total_shares == 0 and total_assets == 0 with a typed PoolError instead of expect panics
• Define behavior when the pool token balance is below what outstanding shares represent (loans not yet repaid): return a typed InsufficientLiquidity error
• Replace the raw expect panics in redeem math with typed errors where reachable by user input
• Add tests for redeeming when the pool has been partially drained by loans

Files to touch

• lending_pool/src/lib.rs

Out of scope

• Changing the loan disbursement source
• Yield distribution redesign

[david87131]

I have reviewed the issue and the surrounding code and I am confident I can deliver it. My approach is to keep the diff small, match the existing patterns in the repo, and include a test before opening the PR. I can have it up for review within 3 days.

[grantfox-oss]

🦊 GrantFox — @david87131 has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #3)
2. Your PR will be reviewed by the LabsCrypt maintainers

Good luck! Track your progress on GrantFox.