In the function _doSherX in Payout.sol, the natSpec comment @return states that sherUsd is the 'Total amount of USD of the underlying tokens that are being transferred'. I think that's a typo, and it's supposed to be the amount excluded from being transferred.
Evert0x
commented
3 years ago
Handle
0xsanson
Vulnerability details
Impact
In the function
_doSherXin Payout.sol, the natSpec comment @return states thatsherUsdis the 'Total amount of USD of the underlying tokens that are being transferred'. I think that's a typo, and it's supposed to be the amount excluded from being transferred.Proof of Concept
Payout.sol L71
Tools Used
editor
Recommended Mitigation Steps
Correct the statement.