Open code423n4 opened 1 year ago
0xSorryNotSorry marked the issue as duplicate of #534
GalloDaSballo changed the severity to QA (Quality Assurance)
4 Lows, awarding B because the quality of the reports is very high, recommend you send a QA next time as you may actually win in aggregate
GalloDaSballo marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L623-L654 https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L631-L635
Vulnerability details
Impact
Excess ETH for the flashloan fee is not refunded
Proof of Concept
https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L623-L654 https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L631-L635
Here the msg.value could be more than fee. So remaining ETH should get refunded to the caller at the end of flashloan call.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider refunding remaining ETH to the caller at the end of the flashloan call like
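The over-payment case this report describes, as an added Solidity sketch that is not the Caviar contract and not the snippet from the report. The contract, function and error names and the flat fee are assumptions made for illustration; the loan and callback steps are left out so only the ETH fee handling is shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical minimal lender written for this example only.
/// It models the ETH fee handling, not the NFT transfer or borrower callback.
contract FlashFeeSketch {
    uint256 public immutable fee; // assumed flat fee, in wei

    error InsufficientFee(uint256 sent, uint256 required);
    error RefundFailed();

    constructor(uint256 fee_) {
        fee = fee_;
    }

    /// Pattern the finding describes: msg.value is only checked against a
    /// lower bound, so anything sent above `fee` stays in the contract.
    function flashLoanNoRefund() external payable {
        if (msg.value < fee) revert InsufficientFee(msg.value, fee);
        // ... lend asset, run borrower callback, take asset back ...
    }

    /// Same lower-bound check, with the surplus returned as the last step.
    function flashLoanWithRefund() external payable {
        if (msg.value < fee) revert InsufficientFee(msg.value, fee);
        // ... lend asset, run borrower callback, take asset back ...

        uint256 excess = msg.value - fee; // cannot underflow after the check
        if (excess > 0) {
            // Refund after all other state changes so a re-entering caller
            // never observes a half-finished loan.
            (bool ok, ) = msg.sender.call{value: excess}("");
            if (!ok) revert RefundFailed();
        }
    }
}
```

A stricter alternative to refunding is to revert unless msg.value equals the fee exactly, which removes the external call at the cost of rejecting over-payments outright.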