Closed code423n4 closed 2 years ago
WatchPug
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L221-L235
function repayAllETH(address _account, uint _maxAmount) external payable nonReentrant { _validateToken(address(WETH)); accrue(address(WETH)); uint amount = _repayShares(_account, address(WETH), debtSharesOf[address(WETH)][_account]); require(msg.value >= amount, "LendingPair: insufficient ETH deposit"); require(amount <= _maxAmount, "LendingPair: amount <= _maxAmount"); _depositWeth(); uint refundAmount = msg.value > amount ? (msg.value - amount) : 0; if (refundAmount > 0) { _wethWithdrawTo(msg.sender, refundAmount); } }
Use Checks-Effects-Interactions pattern for all functions.
Dupllcate #49
it's gas optimization
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L221-L235
Recommendation
Use Checks-Effects-Interactions pattern for all functions.