Closed sherlock-admin2 closed 4 months ago
karanctf
medium
The refund function allows assets to be locked if msg.value is less than repaid assets.
Insufficient check in refund function may lead to locking assets if msg.value is less than repaid assets.
Users lock assets in the contract, unable to withdraw them.
https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/MarketETHRouter.sol#L90
function refund(uint256 borrowShares) external payable wrap returns (uint256 repaidAssets, uint256 actualShares) { (repaidAssets, actualShares) = market.refund(borrowShares, msg.sender);// @audit what if msg.value <= repid asset they'll be locked in contract if (msg.value > repaidAssets) unwrapAndTransfer(msg.value - repaidAssets); }
Manual Review
Add a check to prevent locking assets when msg.value is less than repaid assets.
This issue is invalid because the transaction will revert if not enough assets are sent.
karanctf
medium
Insufficient check in MarketETHRouter::refund() locks eth
Summary
The refund function allows assets to be locked if msg.value is less than repaid assets.
Vulnerability Detail
Insufficient check in refund function may lead to locking assets if msg.value is less than repaid assets.
Impact
Users lock assets in the contract, unable to withdraw them.
Code Snippet
https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/MarketETHRouter.sol#L90
Tool used
Manual Review
Recommendation
Add a check to prevent locking assets when msg.value is less than repaid assets.