search

code-423n4 / 2023-05-venus-findings

2 stars 1 forks source link

`VToken.sol#_repayBorrowFresh` If the UnderlyingToken requires transaction fees, there will always be some debt remaining #449

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/main/contracts/VToken.sol#L946

Vulnerability details

Impact

File: VToken.sol
 946         uint256 repayAmountFinal = repayAmount > accountBorrowsPrev ? accountBorrowsPrev : repayAmount;
--skip--
 958         uint256 actualRepayAmount = _doTransferIn(payer, repayAmountFinal);

repayAmount is not allowed to exceed accountBorrowsPrev, which leads to the fact that if the UnderlyingToken has transaction fees, some debts will never be repaid. Cause the user to never be able to call exitMarket

Proof of Concept

Tools Used

manual

Recommended Mitigation Steps

It is recommended to allow repayAmount to exceed accountBorrowsPrev to cover transaction fees

Assessed type

DoS

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality