Open langnavina97 opened 1 month ago
Missing input verification:
require(_receiver != address(0), "Invalid receiver address");
require(repayData._factory != address(0) && repayData._token0 != address(0) && repayData._token1 != address(0), "Invalid address");
require(repayData._flashLoanToken != address(0), "Invalid flash loan token");
require(repayData._flashLoanAmount.length > 0 && repayData._debtRepayAmount.length > 0, "Empty amount array");
require(repayData._flashLoanAmount.length == repayData._debtRepayAmount.length, "Mismatched amount arrays");
require(repayData._debtToken.length == repayData._protocolToken.length, "Mismatched token arrays");
require(repayData.firstSwapData.length == repayData.secondSwapData.length, "Mismatched swap data arrays");
require(vault != address(0) && executor != address(0) && controller != address(0) && receiver != address(0), "Invalid address");
require(lendTokens.length > 0, "No lend tokens provided");
require(totalCollateral > 0, "Invalid total collateral");
require(fee <= MAX_FEE, "Fee exceeds maximum allowed"); // Define MAX_FEE constant
require(flashData.flashLoanToken != address(0), "Invalid flash loan token");
require(flashData.debtToken.length == flashData.protocolTokens.length, "Mismatched token arrays");
require(flashData.flashLoanAmount.length == flashData.debtRepayAmount.length, "Mismatched amount arrays");
require(flashData.firstSwapData.length == flashData.secondSwapData.length, "Mismatched swap data arrays");
require(_user != address(0) && _controller != address(0) && _protocolToken != address(0), "Invalid address");
require(lendTokens.length > 0, "No lend tokens provided");
require(_debtRepayAmount > 0, "Invalid debt repay amount");
require(feeUnit > 0 && feeUnit <= MAX_FEE_UNIT, "Invalid fee unit"); // Define MAX_FEE_UNIT
require(totalCollateral > 0, "Invalid total collateral");
==> Suggestions from Cursor, might be suggesting duplicate checks, to be checked!!!
[ ] The exemptionIndex param is not being used in the added part, please move it down to where it's used to make it more readable
uint256 exemptionIndex = 0;
_borrowManager.repayBorrow(
_portfolioTokenAmount,
totalSupplyPortfolio,
repayData
);
RepayFailed
address[] memory underlying = new address[](borrowedLength); // Array to store underlying tokens of borrowed assets
uint256[] memory tokenBalance = new uint256[](borrowedLength); // Array to store balances of borrowed tokens
uint256 totalFlashAmount; // Variable to track total flash loan amount
underlying = new address[](borrowedLength);
tokenBalance = new uint256[](borrowedLength);
executeUserFlashLoan
: call the variable borrowedTokenalgebraFlashCallback
)
address controller = _protocolConfig.marketControllers(
flashData.protocolTokens[0]
);
Concerns:
1. Potential Out of Gas Error
2. Risk of User Loss Due to Manipulated Token List
Further concerns we should investigate (not sure if they're issues):