Closed sherlock-admin closed 2 years ago
ak1
medium
When making payment from a payer to a specific lien against a CollateralToken, all the payment amount is taken.
This is applicable even if lien.amount < paymentAmount - payment amount is more. User could loss his/her amount.
lien.amount < paymentAmount
If user pay more amount as payment, the current implementation does not return the excess amount back to user.
https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/LienToken.sol#L630-L645
Above line of code shows the transaction made while payment.
https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/LienToken.sol#L594-L649
Manual Review
Consider implementing logic to handle the excess payment and return the extra value back to the user.
This will maintain the healthy relationship between the end to user and to the protocol.
Duplicate of #28
ak1
medium
LienToken.sol#L594 : _payment is taking all. It is not refunding the excess amount back to user.
Summary
When making payment from a payer to a specific lien against a CollateralToken, all the payment amount is taken.
This is applicable even if
lien.amount < paymentAmount- payment amount is more. User could loss his/her amount.Vulnerability Detail
If user pay more amount as payment, the current implementation does not return the excess amount back to user.
https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/LienToken.sol#L630-L645
Above line of code shows the transaction made while payment.
Impact
If user pay more amount as payment, the current implementation does not return the excess amount back to user.
Code Snippet
https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/LienToken.sol#L594-L649
Tool used
Manual Review
Recommendation
Consider implementing logic to handle the excess payment and return the extra value back to the user.
This will maintain the healthy relationship between the end to user and to the protocol.
Duplicate of #28