search

code-423n4 / 2021-10-union-findings

0 stars 0 forks source link

UserManager: debtWriteOff() doesn't need if borrower has sufficient assets frozen before subtracting #44

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

itsmeSTYJ

Vulnerability details

Impact

debtWriteOff() doesn't need if borrower has sufficient assets frozen before subtracting since the contract uses solidity 0.8.0 and above.

Recommended Mitigation Steps

Remove the if condition check in debtWriteOff()

GalloDaSballo commented 3 years ago

Agree with finding As of solidity 0.8 underflow and overflow checks come with ordinary math operations, the require check is redundant

maxweng commented 3 years ago

I think the warden was talking about this line: https://github.com/unioncredit/union-v1-contracts/blob/4b3a6e307ebd4b805641b132d146ed6db2f5bcf9/contracts/user/UserManager.sol#L737 And we need that check to reset the frozen amount to zero.