Open code423n4 opened 3 years ago
cmichel
The LendingPair.repayAllETH function takes a _maxAmount parameter.
LendingPair.repayAllETH
_maxAmount
However, this parameter is not necessary as the caller's msg.value already has the same behavior of a _maxAmount.
msg.value
Remove the _maxAmount parameter to save gas. Users should use msg.value as a max amount.
Handle
cmichel
Vulnerability details
The
LendingPair.repayAllETHfunction takes a_maxAmountparameter.However, this parameter is not necessary as the caller's
msg.valuealready has the same behavior of a_maxAmount.Recommendation
Remove the
_maxAmountparameter to save gas. Users should usemsg.valueas a max amount.