In IndexTemplate, function compensate, When _amount > _value, and <= totalLiquidity(), the value of _compensated is not set, so it gets a default value of 0:
But nevertheless, in both cases, it calls vault.offsetDebt, even when the _compensated is 0 (no else block).
Recommended Mitigation Steps
I think, in this case, it should try to redeem the premium (withdrawCredit?) to cover the whole amount, but I am not sure about the intentions as I didn't have enough time to understand this protocol in depth.
Handle
pauliax
Vulnerability details
Impact
In IndexTemplate, function compensate, When _amount > _value, and <= totalLiquidity(), the value of _compensated is not set, so it gets a default value of 0:
But nevertheless, in both cases, it calls vault.offsetDebt, even when the _compensated is 0 (no else block).
Recommended Mitigation Steps
I think, in this case, it should try to redeem the premium (withdrawCredit?) to cover the whole amount, but I am not sure about the intentions as I didn't have enough time to understand this protocol in depth.