search

sherlock-audit / 2024-04-interest-rate-model-judging

9 stars 5 forks source link

karanctf - Insufficient check in MarketETHRouter::refund() locks eth #247

Closed sherlock-admin2 closed 4 months ago

sherlock-admin2 commented 5 months ago

karanctf

medium

Insufficient check in MarketETHRouter::refund() locks eth

Summary

The refund function allows assets to be locked if msg.value is less than repaid assets.

Vulnerability Detail

Insufficient check in refund function may lead to locking assets if msg.value is less than repaid assets.

Impact

Users lock assets in the contract, unable to withdraw them.

Code Snippet

https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/MarketETHRouter.sol#L90

  function refund(uint256 borrowShares) external payable wrap returns (uint256 repaidAssets, uint256 actualShares) {
    (repaidAssets, actualShares) = market.refund(borrowShares, msg.sender);// @audit what if msg.value <= repid asset they'll be locked in contract

    if (msg.value > repaidAssets) unwrapAndTransfer(msg.value - repaidAssets);
  }

Tool used

Manual Review

Recommendation

Add a check to prevent locking assets when msg.value is less than repaid assets.

santipu03 commented 4 months ago

This issue is invalid because the transaction will revert if not enough assets are sent.