Description
deposit() in contracts/lending_pool/src/lib.rs allows any single depositor to hold an unlimited share of the pool. A single whale could deposit 99% of the pool, giving them effective veto power over the pool's liquidity: they can withdraw at any time and drain 99% of available funds from active loans.
The pool has a max_pool_size per token but no per-depositor concentration limit.
Expected Behavior
Add a maximum depositor concentration check, for example:
const MAX_DEPOSITOR_CONCENTRATION_BPS: u128 = 5000; // max 50% of pool
let new_shares_pct = (new_total_shares_for_provider * 10000) / total_shares;
assert!(new_shares_pct <= MAX_DEPOSITOR_CONCENTRATION_BPS, "deposit exceeds concentration limit");
This limit can be made configurable by the admin, but a default cap protects against naive whale concentration.
Impact
Medium. A concentrated depositor creates liquidity risk. If they withdraw, all pending loan disbursements fail and active loans cannot be funded.
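The following is an added example, not code from the issue or the project. It works the proposed check through the cases the three-line sketch leaves open: an empty pool (division by zero), the first depositor (who always holds 100%), and arithmetic overflow. `check_concentration`, `DepositError` and `MIN_SHARES_FOR_CAP` are hypothetical names, and the bootstrap threshold is an assumption.

```rust
// Added example; only MAX_DEPOSITOR_CONCENTRATION_BPS comes from the issue.
const BPS_DENOMINATOR: u128 = 10_000;
const MAX_DEPOSITOR_CONCENTRATION_BPS: u128 = 5_000; // max 50% of pool
// Assumption: below this many total shares the cap is not enforced, so the
// first depositor (who necessarily holds 100%) can bootstrap the pool.
const MIN_SHARES_FOR_CAP: u128 = 1_000_000;

#[derive(Debug, PartialEq)]
pub enum DepositError {
    Overflow,
    ConcentrationExceeded { bps: u128 },
}

/// Returns the provider's post-deposit share in basis points, or an error.
/// `provider_shares` and `total_shares` are the values before the deposit;
/// `minted` is the number of shares this deposit would mint.
pub fn check_concentration(
    provider_shares: u128,
    total_shares: u128,
    minted: u128,
) -> Result<u128, DepositError> {
    // The share must be measured against the total *after* minting.
    let new_provider = provider_shares.checked_add(minted).ok_or(DepositError::Overflow)?;
    let new_total = total_shares.checked_add(minted).ok_or(DepositError::Overflow)?;
    if new_total == 0 {
        return Ok(0); // empty pool, nothing minted: avoid dividing by zero
    }
    let bps = new_provider.checked_mul(BPS_DENOMINATOR).ok_or(DepositError::Overflow)? / new_total;
    if new_total >= MIN_SHARES_FOR_CAP && bps > MAX_DEPOSITOR_CONCENTRATION_BPS {
        return Err(DepositError::ConcentrationExceeded { bps });
    }
    Ok(bps)
}

fn main() {
    // Constructed sample values: (provider_shares, total_shares, minted).
    let cases = [(0, 0, 500_000), (0, 10_000_000, 10_000_000), (4_000_000, 10_000_000, 4_000_000)];
    for (p, t, m) in cases {
        println!("provider={p} total={t} minted={m} -> {:?}", check_concentration(p, t, m));
    }
}
```

A per-address cap does not stop one party from splitting a deposit across several addresses, and because it runs only in `deposit()`, a holder's share can still rise above the cap when other depositors withdraw.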