code-423n4 / 2023-09-goodentry-mitigation-findings


H-05 MitigationConfirmed #32

Open c4-submissions opened 1 year ago

c4-submissions commented 1 year ago

Lines of code

Vulnerability details

Comments

The vulnerability is obvious. The excess tokens in swapTokensForExactETH are not returned to the user, resulting in loss of funds.

Mitigation

ogInAsset.safeTransfer(msg.sender, amountInMax - amounts[0]);

Obtain the actual amount of funds used by returning the value, calculate the difference and return the excess funds.

Conclusion

LGTM
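The refund described in the mitigation above, as an added example that is not part of the original issue or GoodEntry's code. The `IERC20Like` and `IExactOutRouter` interfaces, the `RefundingProxy` contract and `swapForExactETH` are hypothetical, the token is assumed to return `bool` (the page's line uses `safeTransfer` instead), and the post-refund balance check is an addition that does not appear on the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration. All names here are hypothetical; a bool-returning ERC-20 is
// assumed so the file is self-contained (production code would use SafeERC20).
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Hypothetical exact-output router: pulls at most amountInMax, sends ETH to the caller.
interface IExactOutRouter {
    function swapForExactETH(address tokenIn, uint256 amountOut, uint256 amountInMax)
        external returns (uint256 amountIn);
}

contract RefundingProxy {
    IExactOutRouter public immutable router;
    constructor(IExactOutRouter r) { router = r; }
    receive() external payable {} // accepts the ETH leg from the router

    function swapTokensForExactETH(address tokenIn, uint256 amountOut, uint256 amountInMax)
        external returns (uint256[] memory amounts)
    {
        IERC20Like token = IERC20Like(tokenIn);
        uint256 balBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amountInMax), "pull failed");
        require(token.approve(address(router), amountInMax), "approve failed");

        amounts = new uint256[](2);
        amounts[0] = router.swapForExactETH(tokenIn, amountOut, amountInMax); // actual spend
        amounts[1] = amountOut;
        require(amounts[0] <= amountInMax, "router overspent");
        require(token.approve(address(router), 0), "approval reset failed");

        // The mitigation: return the unspent part of amountInMax to the caller.
        uint256 excess = amountInMax - amounts[0];
        if (excess > 0) require(token.transfer(msg.sender, excess), "refund failed");

        // Added check: the proxy must end with the input-token balance it started with.
        require(token.balanceOf(address(this)) == balBefore, "input token stranded");

        (bool ok, ) = msg.sender.call{value: amountOut}("");
        require(ok, "ETH send failed");
    }
}
```

The final balance comparison is the property a mitigation review can assert in a test: after any exact-output swap, the proxy's input-token balance is unchanged, so nothing pulled from the user stays behind.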

c4-judge commented 12 months ago

gzeon-c4 marked the issue as confirmed for report

c4-judge commented 12 months ago

gzeon-c4 marked the issue as satisfactory