Lines of code
https://github.com/code-423n4/2023-01-numoen/blob/002df14f9a90cdfd3f730b1c5686b0b381225068/src/periphery/Payment.sol#L45
Vulnerability details
Anyone who sees this opportunity can call refundETH() to retrieve the excess ETH.
The borrower could retrieve the remaining ETH with a separate call to refundETH(). However, because the two calls are not atomic, a MEV bot can frontrun the borrower's call and steal the ETH as well.
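As an added illustration, not the project's Payment.sol, the unrestricted-sweep pattern this finding describes next to a form that credits the excess to the payer; the contract shapes, `deposit` function and accounting are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative only: assumed shape, not Numoen's Payment.sol.

// Pattern described in the finding: excess ETH left in the contract after a
// payable call belongs to nobody in particular, so whoever calls refundETH()
// first (e.g. a frontrunning MEV bot) receives it.
contract PaymentVulnerable {
    mapping(address => uint256) public balances; // hypothetical accounting

    function deposit(uint256 amount) external payable {
        require(msg.value >= amount, "insufficient ETH");
        balances[msg.sender] += amount;
        // msg.value - amount stays in the contract, unattributed to anyone.
    }

    // Unrestricted sweep: sends the whole contract balance to msg.sender.
    function refundETH() external {
        uint256 bal = address(this).balance;
        if (bal > 0) {
            (bool ok, ) = msg.sender.call{value: bal}("");
            require(ok, "refund failed");
        }
    }
}

// Hardened form: the excess is credited to the payer at deposit time, so only
// the payer can withdraw it, whatever the ordering of later refundETH() calls.
contract PaymentHardened {
    mapping(address => uint256) public balances;
    mapping(address => uint256) public refundable;

    function deposit(uint256 amount) external payable {
        require(msg.value >= amount, "insufficient ETH");
        balances[msg.sender] += amount;
        refundable[msg.sender] += msg.value - amount; // credit the payer
    }

    function refundETH() external {
        uint256 owed = refundable[msg.sender];
        refundable[msg.sender] = 0; // effects before interaction (reentrancy-safe)
        if (owed > 0) {
            (bool ok, ) = msg.sender.call{value: owed}("");
            require(ok, "refund failed");
        }
    }
}
```

An equivalent fix is to return the excess to the payer at the end of the same payable call, so no second, frontrunnable transaction is needed.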
Assessed type
Other