Observation
In refund_invoice, an arbitrarily small refund (larger than the fee) is possible. After a refund, no further refund is possible.
The only way to refund further would be to make transfers completely outside of the invoice canister. However, those transfers would not be documented in the invoice.
Risk Description
If a very small refund is made by accident, this may block further refunds.
Recommendations
Specify (in the design) the intended behavior of refund flows.
For example, should it be possible to refund several times? How would that be documented in the invoice stored on the canister?
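One possible answer to the design question above, as an added sketch that is not the invoice canister's own code: the invoice keeps a list of every refund, so a small accidental refund neither blocks a later one nor goes unrecorded. The type names, field names and the rule that amounts are gross values in the token's smallest unit are assumptions made for illustration.

```rust
// Added illustration: hypothetical types, not the invoice canister's API.
#[derive(Debug, PartialEq)]
pub enum RefundError {
    NotAboveFee,                         // amount must be larger than the fee
    ExceedsRemaining { remaining: u64 }, // would refund more than was paid
}

#[derive(Debug)]
pub struct Invoice {
    pub amount_paid: u64,
    /// Every refund issued through the canister, in order (gross amounts).
    pub refunds: Vec<u64>,
}

impl Invoice {
    pub fn total_refunded(&self) -> u64 {
        self.refunds.iter().sum()
    }

    pub fn remaining_refundable(&self) -> u64 {
        self.amount_paid.saturating_sub(self.total_refunded())
    }

    /// Records a refund of `amount` and returns what is still refundable.
    pub fn refund(&mut self, amount: u64, fee: u64) -> Result<u64, RefundError> {
        if amount <= fee {
            return Err(RefundError::NotAboveFee);
        }
        let remaining = self.remaining_refundable();
        if amount > remaining {
            return Err(RefundError::ExceedsRemaining { remaining });
        }
        // Assumption: a real canister performs the ledger transfer here and
        // records the refund only if that transfer succeeds.
        self.refunds.push(amount);
        Ok(self.remaining_refundable())
    }
}

fn main() {
    // Constructed values: 1_000_000 units paid, fee of 10_000 units.
    let mut inv = Invoice { amount_paid: 1_000_000, refunds: vec![] };
    println!("{:?}", inv.refund(10_001, 10_000)); // accidental tiny refund
    println!("{:?}", inv.refund(989_999, 10_000)); // remainder still refundable
    println!("{:?}", inv.refund(10_001, 10_000)); // nothing left to refund
    println!("history: {:?}", inv.refunds);
}
```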