Sharp Carmine Tortoise
High
The delever function calls the _setToken.invokeApprove function through the _repayBorrow function. If loan token is USDT it will cause the delever function to revert as USDT doesn't allow the token to be approved again when the approved amount is already more than 0. This could cause the delever function to be permanently blocked if USDT is used as the loan token which eventually could cause unwanted liquidations.
The delever function relies on the _repayBorrow function.
Inside the _repayBorrow function, the _setToken.invokeApprove function is called to approve the required token before it calls _setToken.invokeRepay function. The _setToken.invokeRepay function in some chances will not necessarily use all the approved amount because the post trade amount can be greater than the (borrowed amount + interest rate) . As a result it's highly likely there will be some leftover approved amount. The logic inside the _repayBorrow function is fine for most ERC20 tokens, however this will fail for some tokens like USDT the second time this function is called, as USDT doesn't allow the token to be approved again with an amount more than 0 when the approved amount is already more than 0.
No response
- USDT is used as the loan token
- USDT approval amount is already > 0
- SetToken manager call delever with USDT as loan token.
- SetToken manager call delever (again) with USDT as loan token. (Transaction reverted)
Delever can be bricked which is the function indirectly used by every user using morpho extension which could lead to unwanted liquidations for users.
No response
In the _repayBorrow function:
If loan token used is USDT then check if the approval amount is already more than 0 if yes skip the approval. Alternatively, call the approval with 0 amount to reset the approval amount to 0, then call again with the real approval amount.