search

sherlock-audit / 2023-12-arcadia-judging

19 stars 15 forks source link

Nyxaris - M-4 Inadequate Debt Management in executeRepay Function #136

Closed sherlock-admin closed 9 months ago

sherlock-admin commented 9 months ago

Nyxaris

medium

M-4 Inadequate Debt Management in executeRepay Function

Summary

The executeRepay function fails to properly manage debt by ignoring the amount owed by the specified account, overwriting repayment amounts under certain conditions, and neglecting to adjust the debt after repayment.

Vulnerability Detail

  1. Ignoring Account Debt: The function doesn't verify the amount owed by the account before repayment, potentially leading to overpayments or incomplete debt settlement.
  2. Overwriting amount: If the specified amount is less than 1, the function defaults to repaying the entire balance of the asset, potentially resulting in unintended overpayments.
  3. Not Adjusting Debt: After repayment, the function doesn't update the account's debt, which can lead to inaccurate debt records and subsequent transaction issues.

Impact

Financial Loss: Overpaying or underpaying debt could result in financial discrepancies and potential loss of funds. Confusion: Overwriting the repayment amount could confuse users and developers, leading to unexpected behavior. Operational Issues: Failure to adjust debt could cause inaccuracies in debt records, impacting subsequent transactions or reporting.

Code Snippet

code

  /**
     * @notice Repays an exact amount to a Creditor.
     * @param creditor The contract address of the Creditor.
     * @param asset The contract address of the asset that is being repaid.
     * @param account The contract address of the Account for which the debt is being repaid.
     * @param amount The amount of debt to repay.
     * @dev Can be called as one of the calls in executeAction, but fetches the actual contract balance after other DeFi interactions.
     */
    function executeRepay(address creditor, address asset, address account, uint256 amount) external {
        if (amount < 1) amount = IERC20(asset).balanceOf(address(this));

        (bool success, bytes memory data) =
            creditor.call(abi.encodeWithSignature("repay(uint256,address)", amount, account));
        require(success, string(data));
    }

Tool used

Manual Review

Recommendation

Implement Debt Verification: Verify the amount owed by the account before executing repayment to ensure accuracy. Remove Default Repayment: Avoid overwriting the provided amount and only repay the specified debt. Update Debt Records: After successful repayment, adjust the debt owed by the account to maintain accurate records.

sherlock-admin2 commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 9 months ago

Invalid, almost no proof described. Additionally the intended logic is within repay() seen here