Small Shamrock Rook
Medium
In any lending protocol, all actions which affect the interest rate should be performed AFTER accruing interest so far. This is to ensure that interest is accrued fairly.
For example, if the protocol was untouched for 1 day, and a user was hypothetically able to atomically max out the utilisation ratio before accruing interest for the 1 day, it would cause the borrowers to pay a much high interest rate for the entire day, which does not reflect the actual util ratio over that time period. This is why it's important to accrue interest BEFORE any actions that can change the util ratio / interest rate.
NumaVault.withdrawToken() withdraws tokens from the vault. If the token is the LST, it lowers the available funds in the vault, increasing the utilisation rate. However interest is not accrued before this action, causing incorrect (higher) interest accrual when it is accrued next.
NumaVault.withdrawToken() transfers out tokens without accruing interest first.
Admin uses the withdrawToken() function to withdraw some amount of LST from the vault
No response
Borrowers pay more interest unfairly
No response
Call cLst.accrueInterest() within NumaVault.withdrawTokens().