UptownResearch / pyTokenSpike

initial work on pyTokens

Users can withdraw beyond their collateral #8

Open alcueca opened 4 years ago

alcueca commented 4 years ago

https://github.com/UptownResearch/pyTokenSpike/blob/a71909b85e484ff565554672b0dcaacb607c6b58/dapp/contracts/pytoken.sol#L264

I think that a require is missing: `require(repos[msg.sender].userCollateral >= amount, "withdrawCollateral/not-enough-collateral");`

Alternatively, you can use SafeMath:

```
repos[msg.sender].userCollateral = repos[msg.sender].userCollateral.sub(
    amount,
    "withdrawCollateral/not-enough-collateral"
);
```

aniemerg commented 4 years ago

SafeMath would be fine. I'm not super-familiar with it, but better math was of course the reason I reached out.
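
The underflow discussed in this issue and the two proposed guards, modelled in Python as an added example (not code from the repository or from either commenter). It assumes unchecked uint256 subtraction, as in Solidity before 0.8, and a payout step after the balance update; `Ledger`, `paid_out` and the function names are hypothetical.

```python
# Added illustration: Python model of uint256 bookkeeping, not the project's contract.
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Stands in for an EVM revert carrying a reason string."""

ERR = "withdrawCollateral/not-enough-collateral"  # reason string from the issue

def wrapping_sub(a, b):
    """Unchecked uint256 subtraction: the result wraps modulo 2**256."""
    return (a - b) & UINT256_MAX

def safe_sub(a, b, reason):
    """Model of a SafeMath-style sub(b, reason): revert instead of wrapping."""
    if b > a:
        raise Revert(reason)
    return a - b

class Ledger:
    """Hypothetical stand-in for the repos[user].userCollateral mapping."""
    def __init__(self):
        self.user_collateral = {}  # user -> uint256 collateral balance
        self.paid_out = {}         # user -> total withdrawn (assumed payout step)

    def deposit(self, user, amount):
        self.user_collateral[user] = self.user_collateral.get(user, 0) + amount

    def _withdraw(self, user, amount, new_balance):
        self.user_collateral[user] = new_balance
        self.paid_out[user] = self.paid_out.get(user, 0) + amount

    def withdraw_unchecked(self, user, amount):
        # No guard: a withdrawal larger than the balance wraps the balance.
        bal = self.user_collateral.get(user, 0)
        self._withdraw(user, amount, wrapping_sub(bal, amount))

    def withdraw_with_require(self, user, amount):
        # First fix from the issue: explicit require before subtracting.
        bal = self.user_collateral.get(user, 0)
        if not bal >= amount:
            raise Revert(ERR)
        self._withdraw(user, amount, bal - amount)

    def withdraw_with_safemath(self, user, amount):
        # Second fix from the issue: checked subtraction reverts on underflow.
        bal = self.user_collateral.get(user, 0)
        self._withdraw(user, amount, safe_sub(bal, amount, ERR))
```

In the unchecked path, a withdrawal of 101 against a balance of 100 leaves the recorded collateral at 2**256 - 1, so any later check that reads `userCollateral` sees an effectively unlimited balance.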