Bnke0x0 - User's may accidentally overpay in depositVaultCashToStrategyTokens()/repaySecondaryCurrencyFromVault()/_redeem() and the excess will be paid to the vault creator #4
User's may accidentally overpay in depositVaultCashToStrategyTokens()/repaySecondaryCurrencyFromVault()/_redeem() and the excess will be paid to the vault creator
Summary
User's may accidentally overpay in depositVaultCashToStrategyTokens()/repaySecondaryCurrencyFromVault()/_redeem() and the excess will be paid to the vault creator
Vulnerability Detail
Impact
It is possible for a user purchasing an option to accidentally overpay the premium during depositVaultCashToStrategyTokens()/repaySecondaryCurrencyFromVault()/_redeem() .
Any excess funds paid for in excess of the premium will be transferred to the vault creator.
Bnke0x0
medium
User's may accidentally overpay in depositVaultCashToStrategyTokens()/repaySecondaryCurrencyFromVault()/_redeem() and the excess will be paid to the vault creator
Summary
User's may accidentally overpay in depositVaultCashToStrategyTokens()/repaySecondaryCurrencyFromVault()/_redeem() and the excess will be paid to the vault creator
Vulnerability Detail
Impact
It is possible for a user purchasing an option to accidentally overpay the premium during depositVaultCashToStrategyTokens()/repaySecondaryCurrencyFromVault()/_redeem() .
Any excess funds paid for in excess of the premium will be transferred to the vault creator.
Code Snippet
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAction.sol#L191
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAction.sol#L336
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultConfiguration.sol#L635
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultConfiguration.sol#L651
Tool used
Manual Review
Recommendation
Consider changing '>=' to '=='
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAction.sol#L191
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/external/actions/VaultAction.sol#L336
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultConfiguration.sol#L635
https://github.com/sherlock-audit/2022-09-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultConfiguration.sol#L651