ERC5095.sol#L98 : maxWithdraw should consider owner's balance to return before maturity. Not the contract's balance
Summary
maxWithdraw is used to fetch the maximum withdrawable underlying asset value.
This is a view function which will give the maximum witherable value.
Vulnerability Detail
Instead of fetching of the caller's max withdrawable value, the function always return the contract's balance.
Impact
The function returns wrong value.
I think, the function is not used anywhere int the contract. But, if it is used in the front end to fetch the max withdrawable value and use it further, then it will be a problem.
If anyone want to use the illuminate's ERC5095 feature and call maxWithdraw the this will be an issue. Lead to integration problem.
ak1
medium
ERC5095.sol#L98 : maxWithdraw should consider owner's balance to return before maturity. Not the contract's balance
Summary
maxWithdraw
is used to fetch the maximum withdrawable underlying asset value.This is a view function which will give the maximum witherable value.
Vulnerability Detail
Instead of fetching of the caller's max withdrawable value, the function always return the contract's balance.
Impact
The function returns wrong value.
I think, the function is not used anywhere int the contract. But, if it is used in the front end to fetch the max withdrawable value and use it further, then it will be a problem.
If anyone want to use the illuminate's ERC5095 feature and call
maxWithdraw
the this will be an issue. Lead to integration problem.Code Snippet
https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/tokens/ERC5095.sol#L98-L103
Tool used
Manual Review
Recommendation
Update the code as given in the if block.
Duplicate of #129