
[Contracts] LendingPool redeem math uses expect panics with no zero/empty-pool guard, can trap funds #3

Description

@grantfox-oss

Telegram (ask questions / claim the issue here first): https://t.me/+DOylgFv1jyJlNzM0

Why this matters

In lending_pool/src/lib.rs, redeem_shares calls calc_assets_to_redeem(shares, total_assets, cur_total_shares), which computes shares.checked_mul(total_assets).and_then(|v| v.checked_div(cur_total_shares)).expect("share redeem overflow"). If cur_total_shares is inconsistent with a holding, or total_assets is 0 after loans drain the pool, redemption either panics through the untyped expect or returns 0 and reverts with InvalidAmount; either way the provider's funds are trapped. The provider-share vs. total-share invariant is never asserted.

Acceptance criteria

  • Guard calc_assets_to_redeem against cur_total_shares == 0 and total_assets == 0 with a typed PoolError instead of expect panics
  • Define behavior when the pool token balance is below what outstanding shares represent (loans not yet repaid): return a typed InsufficientLiquidity error
  • Replace the raw expect panics in redeem math with typed errors where reachable by user input
  • Add tests for redeeming when the pool has been partially drained by loans
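One shape the guarded math could take, as an added example rather than code from the lending_pool crate. The PoolError variant set, the PoolState fields and the u128 widths are assumptions; InvalidAmount and InsufficientLiquidity are the names the issue itself uses. Every failure reachable from user input becomes a typed error, and redeem_shares only mutates state after all checks pass, so a redeem against a loan-drained pool fails cleanly instead of panicking or trapping shares:

```rust
// Added example (not the project's code): a guarded version of the redeem math the
// issue describes. The PoolError variant names, the PoolState fields and the u128
// widths are assumptions; InvalidAmount and InsufficientLiquidity are the names the
// issue itself uses.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PoolError {
    InvalidAmount,          // zero shares requested, or the payout rounds down to zero
    EmptyPool,              // cur_total_shares == 0 or total_assets == 0 (assumed name)
    ShareInvariantViolated, // a holding exceeds the total shares outstanding (assumed name)
    InsufficientShares,     // provider asked for more shares than they hold (assumed name)
    InsufficientLiquidity,  // payout exceeds tokens actually in the pool (loans outstanding)
    Overflow,               // checked multiplication failed (assumed name)
}

/// Pro-rata payout floor(shares * total_assets / cur_total_shares).
/// Every condition reachable from user input returns a typed error instead of panicking.
pub fn calc_assets_to_redeem(
    shares: u128,
    total_assets: u128,
    cur_total_shares: u128,
) -> Result<u128, PoolError> {
    if shares == 0 {
        return Err(PoolError::InvalidAmount);
    }
    if cur_total_shares == 0 || total_assets == 0 {
        return Err(PoolError::EmptyPool);
    }
    if shares > cur_total_shares {
        return Err(PoolError::ShareInvariantViolated);
    }
    // Divisor is non-zero here, so plain division cannot panic.
    let assets = shares
        .checked_mul(total_assets)
        .ok_or(PoolError::Overflow)?
        / cur_total_shares;
    if assets == 0 {
        // Rounding ate the whole payout; refuse rather than burn shares for nothing.
        return Err(PoolError::InvalidAmount);
    }
    Ok(assets)
}

/// Minimal pool accounting. `total_assets` is what the pool is owed in total
/// (cash plus loans outstanding); `liquid_balance` is the token balance it holds now.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PoolState {
    pub total_shares: u128,
    pub total_assets: u128,
    pub liquid_balance: u128,
}

/// Redeem `shares` from a provider holding `provider_shares`. State is only mutated
/// after every check passes, so a failed redeem leaves the pool untouched.
pub fn redeem_shares(
    pool: &mut PoolState,
    provider_shares: &mut u128,
    shares: u128,
) -> Result<u128, PoolError> {
    // The provider-share vs total-share invariant the issue says is never asserted.
    if *provider_shares > pool.total_shares {
        return Err(PoolError::ShareInvariantViolated);
    }
    if shares > *provider_shares {
        return Err(PoolError::InsufficientShares);
    }
    let assets = calc_assets_to_redeem(shares, pool.total_assets, pool.total_shares)?;
    // Loans may have drained the token balance below what the shares represent.
    if assets > pool.liquid_balance {
        return Err(PoolError::InsufficientLiquidity);
    }
    pool.total_shares -= shares;
    pool.total_assets -= assets;
    pool.liquid_balance -= assets;
    *provider_shares -= shares;
    Ok(assets)
}

fn main() {
    // Constructed scenario: 100 shares back 1000 units of accounted assets, but loans
    // have left only 300 units of cash in the pool.
    let mut pool = PoolState { total_shares: 100, total_assets: 1000, liquid_balance: 300 };
    let mut alice = 50u128;
    println!("{:?}", redeem_shares(&mut pool, &mut alice, 50)); // Err(InsufficientLiquidity)
    println!("{:?}", redeem_shares(&mut pool, &mut alice, 20)); // Ok(200)
    println!("{:?}", calc_assets_to_redeem(5, 100, 0));         // Err(EmptyPool), not a panic
}
```

The split between total_assets (accounted) and liquid_balance (on hand) is what makes the partially-drained case expressible: the share price is still computed against everything the pool is owed, and InsufficientLiquidity is raised only when the cash on hand cannot cover that payout.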

Files to touch

  • lending_pool/src/lib.rs

Out of scope

  • Changing the loan disbursement source
  • Yield distribution redesign

Labels

  • GrantFox OSS (Issue tracked in GrantFox OSS)
  • Maybe Rewarded (Issue may be eligible for a GrantFox reward)
  • Official Campaign (Campaign: Official Campaign)
  • bug (Something isn't working)
  • hard (Advanced / high-difficulty issue)
