code423n4 commented 2 years ago

Handle

robee

Vulnerability details

The following functions are not payable but uses msg.value - therefore the function must be payable. This can lead to undesired behavior.

    CreditLine.sol, _depositCollateral is payable but doesn't use msg.value
    CreditLine.sol, _repay is payable but doesn't use msg.value
    Repayments.sol, _transferTokens is payable but doesn't use msg.value
    SavingsAccount.sol, _deposit is payable but doesn't use msg.value
    SavingsAccount.sol, _depositToYield is payable but doesn't use msg.value
    SavingsAccountUtil.sol, directDeposit is payable but doesn't use msg.value
    SavingsAccountUtil.sol, directSavingsAccountDeposit is payable but doesn't use msg.value
    SavingsAccountUtil.sol, transferTokens is payable but doesn't use msg.value

ritik99 commented 2 years ago

The functions mentioned are all internal, their callers have the payable modifier. Internal functions do not need to be marked payable (Ref)

0xean commented 2 years ago

closing as invalid.

code-423n4 / 2021-12-sublime-findings

Missing payable #153

Handle

Vulnerability details