search

sherlock-audit / 2023-04-blueberry-judging

8 stars 5 forks source link

SanketKogekar - The function `_doBorrow()` of `BlueBerryBank.sol` does not verify if value of `uBalanceBefore` is 0. #149

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

SanketKogekar

medium

The function _doBorrow() of BlueBerryBank.sol does not verify if value of uBalanceBefore is 0.

Summary

The function _doBorrow() of BlueBerryBank.sol does not verify if value of uBalanceBefore is 0, which can lead to unnecessary calculation, unexpected issues and gas costs. This could mean adding 0 amount check in the borrowfunction (caller) itself. (Same goes for the repay function as well)

Vulnerability Detail

function _doBorrow() of BlueBerryBank.sol does not verify if value of uBalanceBefore is 0 which can possible lead to unexpected issues / gas costs.

Impact

function _doBorrow() of BlueBerryBank.sol does not verify if value of uBalanceBefore is 0 which can possible lead to unexpected issues / gas costs.

function _doBorrow(
        address token,
        uint256 amountCall
    ) internal returns (uint256 borrowAmount) {
        address bToken = banks[token].bToken;

        IERC20Upgradeable uToken = IERC20Upgradeable(token);
        //!! Check uBalanceBefore value here.
        uint256 uBalanceBefore = uToken.balanceOf(address(this));
        if (ICErc20(bToken).borrow(amountCall) != 0)
            revert Errors.BORROW_FAILED(amountCall);
        uint256 uBalanceAfter = uToken.balanceOf(address(this));

        borrowAmount = uBalanceAfter - uBalanceBefore;
    }

Code Snippet

https://github.com/sherlock-audit/2023-04-blueberry/blob/main/blueberry-core/contracts/BlueBerryBank.sol#L832

Tool used

Manual Review

Recommendation

revert if uBalanceBefore == 0