In LienToken.sol, the _payment() function to repay the lien can accept more than the loan amount. If the borrower pay more than the loan amount by mistake, the fund is lost.
Vulnerability Detail
The function only handle the case when the payment is less than lien.amount. But if the repay amount is bigger, the excess fund will not be returned to the borrower. This situation could happen since a mistakenly input decimal can inflate the amount by 10 times, or other input mistakes could possibly happen.
141345
medium
Over payment should be returned
Summary
In LienToken.sol, the
_payment()function to repay the lien can accept more than the loan amount. If the borrower pay more than the loan amount by mistake, the fund is lost.Vulnerability Detail
The function only handle the case when the payment is less than
lien.amount. But if the repay amount is bigger, the excess fund will not be returned to the borrower. This situation could happen since a mistakenly input decimal can inflate the amount by 10 times, or other input mistakes could possibly happen.Impact
Borrower might lose fund due to mistake.
Code Snippet
https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/LienToken.sol#L623-L637
Tool used
Manual Review
Recommendation
Return the excess payment to the borrower.
Duplicate of #28