Open c4-bot-9 opened 3 months ago
The Pool assumes loanLiquidation() will always receive only principal amount back without any interest. It could cause the performance fee to be missed.
loanLiquidation()
Added logic to ensure the performance is charged in case the loan is liquidated.
- uint256 fees = IFeeManager(getFeeManager).processFees(_received, 0); + uint256 fees; + if (_received > _principalAmount) { + fees = IFeeManager(getFeeManager).processFees(_principalAmount, _received - _principalAmount); + }else { + fees = IFeeManager(getFeeManager).processFees(_received, 0); + }
alex-ppg marked the issue as satisfactory
Lines of code
Vulnerability details
Issue
The Pool assumes
loanLiquidation()
will always receive only principal amount back without any interest. It could cause the performance fee to be missed.Mitigation
Added logic to ensure the performance is charged in case the loan is liquidated.