Closed robertleifke closed 2 months ago
Recommendation:
Long term, ensure all functions that are intended to interact with ether are clearly marked and explicitly use the msg.value field. All functions that are not meant to take ether should not be payable.
Merge successful. Removed Payable Modifier.
Description:
Several functions in the system, spanning multiple contracts, are marked with the payable modifier despite not using the
msg.value
field. This means a user may lose funds, thinking that they need to include ether in their transaction or by sending ether to these function calls.LiquidityManager.removeLiquidity
LiquidityManager.collect
SelfPermit.selfPermit
SelfPermit.selfPermitAllowed
Payment.unwrapETH
Payment.sweepToken
LendgineRouter.burn
Action items: