numotrade / numo2

🤖 Leverage on long-tail tokens.

Functions marked payable do not use msg.value field #11

Open robertleifke opened 1 week ago

robertleifke commented 1 week ago

Description:

Several functions in the system, spanning multiple contracts, are marked with the payable modifier despite not using the msg.value field. This means a user may lose funds, thinking that they need to include ether in their transaction or by sending ether to these function calls.

  1. LiquidityManager.removeLiquidity
  2. LiquidityManager.collect
  3. SelfPermit.selfPermit
  4. SelfPermit.selfPermitAllowed
  5. Payment.unwrapETH
  6. Payment.sweepToken
  7. LendgineRouter.burn

Action items:

robertleifke commented 1 week ago

Recommendation:

Long term, ensure all functions that are intended to interact with ether are clearly marked and explicitly use the msg.value field. All functions that are not meant to take ether should not be payable.
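
A heuristic check for the pattern reported in this issue, as an added example that is not part of the issue or of the numo2 code base: it scans Solidity source for functions whose modifier list includes `payable` but whose body never references `msg.value`. The sample contract and the helper names are constructed for illustration.

```python
import re

# Constructed sample (not from the numo2 repository); names are illustrative.
SAMPLE = """
contract Example {
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }
    function sweepToken(address token) external payable {
        // never reads msg.value
        IERC20(token).transfer(msg.sender, 1);
    }
    function pay(address payable to) external returns (bool) {
        return to.send(1);
    }
    function burn(bytes calldata data) external payable;
}
"""

COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\(")

def _match(src, start, opener, closer):
    """Index of the delimiter closing the one at src[start], or -1."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == opener:
            depth += 1
        elif src[i] == closer:
            depth -= 1
            if depth == 0:
                return i
    return -1

def payable_without_msg_value(source):
    """Names of payable functions whose body never references msg.value."""
    src = COMMENT_RE.sub("", source)  # a comment mentioning msg.value is not a use
    flagged = []
    for m in FUNC_RE.finditer(src):
        params_end = _match(src, m.end() - 1, "(", ")")
        body_start = src.find("{", params_end)
        semi = src.find(";", params_end)
        if params_end == -1 or body_start == -1 or -1 < semi < body_start:
            continue  # declaration without a body: nothing to inspect
        # Only the modifier list counts, not `address payable` params/returns.
        mods = re.sub(r"\breturns\b.*", "", src[params_end:body_start], flags=re.S)
        body = src[body_start:_match(src, body_start, "{", "}") + 1]
        if re.search(r"\bpayable\b", mods) and not re.search(r"\bmsg\s*\.\s*value\b", body):
            flagged.append(m.group(1))
    return flagged
```

Treat hits as candidates for review: the check only inspects the function body, so a function that reads `msg.value` through a modifier or an internal call is reported as well.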