Open code423n4 opened 2 years ago
0xRajeev
Adding a require on positionID not being 0 in withdrawUniPosition() will avoid gas usage from external call and other following logic, in cases where the msg.sender does not have a valid uniPosition.
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L114-L121
Manual Analysis
Add a require on positionID != 0 in the beginning of withdrawUniPosition()
Handle
0xRajeev
Vulnerability details
Impact
Adding a require on positionID not being 0 in withdrawUniPosition() will avoid gas usage from external call and other following logic, in cases where the msg.sender does not have a valid uniPosition.
Proof of Concept
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L114-L121
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add a require on positionID != 0 in the beginning of withdrawUniPosition()