In call depositCollateral() function msg.sender can send ERC20(!= address(0)) asset. If msg.sender send more value than amount (msg.value > amount), the exedent will lost.
Impact
Possible lost value in depositCollateral() function call in InsurancePool.sol contract.
radev_sw
medium
Msg.value is not validated
Summary
Possible lost msg.value
Vulnerability Detail
In call
depositCollateral()
function msg.sender can send ERC20(!= address(0)) asset. If msg.sender send more value than amount (msg.value > amount), the exedent will lost.Impact
Possible lost value in
depositCollateral()
function call inInsurancePool.sol
contract.Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/InsurancePool.sol#L83-L91
Tool used
Manual Review
Recommendation
Check if the
msg.value
is zero.