Read the findings of the 2022 Web3 Security Report

According to the contract, the lending market owner has authority over the following functions:
- `set_lending_market_owner()` which will set new lending market owner
- `remove_reserve()` which will remove the reserve
- `redeem_reserve_collateral()`, which will redeem collateral from a reserve.
- `SetBorrowRate()` which will change the `max_borrow_rate` of a reserve.

Any compromise to the lending market owner's account may allow the hacker to take advantage of this and result in unexpected loss.


Centralization Related Risks[Not finalized]

In the function `redeem_reserve_collateral()`, 
the input `amount` is used to specify the quantity of collateral for redemption. 
However, in the following code, if the input `amount` is less than `reserve.total_collateral`,
the program will return an error of `NotEnoughCollateral`.
It expects the `amount` to be greater than `reserve.total_collateral`.

```rust=379
        if reserve.total_collateral > amount {
            return Err(LendingError::NotEnoughCollateral.into());
        }
```


Incorrect Branch Selection

In the source file `lib.rs`, the following code snippets use add(+) or sub(-) directly, 
which may lead to overflow or underflow in the runtime.
```rust=142
        obligation.input_amount= obligation.input_amount + collateral_amount;
        reserve.total_collateral = reserve.total_collateral + collateral_amount;
```
```rust=236
        obligation.input_amount= obligation.input_amount - real_amount;
        reserve.total_collateral = reserve.total_collateral - real_amount;
```
```rust=314
        obligation.output_amount = obligation.output_amount + liquidity_amount;
        reserve.total_liquidity = reserve.total_liquidity - liquidity_amount;
```
```rust=353
        obligation.output_amount = obligation.output_amount - real_amount;
        reserve.total_liquidity = reserve.total_liquidity + real_amount;
```
```rust=399
        reserve.total_collateral = reserve.total_collateral - amount;
```
```rust=427
        reserve.total_liquidity = reserve.total_liquidity + _amount;
```


Unsafe Mathematical Operations

In L17, the program is using a default program ID provided by the Anchor Framework:
```rust=17
  declare_id!("Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS");
```

Inapproiate Program ID

This program relies on a third-party program as the price oracle of a reserve(`reserve.liquidity_oracle`). 

Such a price oracle plays a crucial role in reporting the token price and determining the borrowing rate in the following functions:
- `withdraw_collateral()` 
- `borrow_liquidity()` 

Third Party Dependencies

The following code verifies if the mint of `dest_collateral` account equals to `reserve.collateral_mint`, 
but produces an error message of `LendingError::NotMatchLiquidityMint` if no match found.
```rust=129
        if dest_collateral.mint != reserve.collateral_mint {
            return Err(LendingError::NotMatchLiquidityMint.into());
        }
```

```rust=173
        if dest_collateral.mint != reserve.collateral_mint {
            return Err(LendingError::NotMatchLiquidityMint.into());
        }
```



Inappropriate Error Message

The following accounts are declared as writable(`mut`) in the current codebase, 
but their data or lamports are not modified in the corresponding functions.
Marking accounts as read-only instead can enable parallel account processing between transactions,
and hence speeding up the whole program. 

- In struct `SetBorrowRate`
  ```rust=447
    #[account(mut,signer)]
    owner : AccountInfo<'info>,
  ```
- In struct `DepositReserveLiquidity`
  ```rust=459
    #[account(mut,signer)]
    owner : AccountInfo<'info>
  ```
- In struct `RedeemReserveCollateral`
  ```rust=477
    #[account(mut,signer)]
    owner : AccountInfo<'info>,
  ```
- In struct `RepayLiquidity`
  ```rust=497
    #[account(mut,signer)]
    owner : AccountInfo<'info>,
  ```
- In struct `BorrowLiquidity`
  ```rust=519
    #[account(mut,signer)]
    owner : AccountInfo<'info>,
  ```

- In struct `WithdrawCollateral`
  ```rust=544
    #[account(mut,signer)]
    owner : AccountInfo<'info>,
  ```
- In struct `DepositCollateral`
  ```rust=569
    #[account(mut,signer)]
    owner : AccountInfo<'info>,
  ```
- In struct `SetLendingMarketOwner`
  ```rust=640
    #[account(mut, signer)]
    owner : AccountInfo<'info>,

    #[account(mut)]
    new_owner : AccountInfo<'info>,
  ```
- In struct `RemoveReserve`
  ```rust=648
    #[account(mut)]
    reserve : ProgramAccount<'info,Reserve>,

    #[account(mut, signer)]
    owner : AccountInfo<'info>,
  ```

Unnecessary Writability

The function `remove_reserve()` is used to facilitate a feature of removing a reserve form the lending market. 
It sets the `useful` flag to 0.
Unfortunately, this function appears to be deficient in the current implementation. 

First, the value of flag `useful` is never used when a user interacts with the program, 
even though its value is set to 1 and 0 when initializing and removing a reserve, respectively. 
Therefore, users can still access the reserve even after `remove_reserve()` being executed.

Second, certain crucial operations are missing when removing a reserve. 
For example, collaterals should be withdrawn from the reserve to be deleted;
the liquidity check should be performed to make sure that all liquidities are repaid. 


Incomplete Reserve Removal

In the current codebase, there are two concerns related to the `deposit_reserve_liquidity`: 
- the function visibility issue in the current implementation allows anyone to invoke the function `deposit_reserve_liquidity` to deposit liquidity.
- `reserve.total_liquidity` will keep growing and there is no way to withdraw it by user or lending market owner.


Discussion About `deposit_reserve_liquidity`

Seeded

utils.rs

lib.rs

Seeded Network

Highlights & Alerts

This is just a placeholder

highlight placeholder lorem Ipsum...

highlight lorem

This is a alert demo

Alert demo

Code Audit History

9

0

7

0

2