Wrong checking causes the swapETHForYt function to revert with a high probability
Summary
When the swapETHForYt function is called to perform swap, the contract will borrow money through flash loans. The relationship between repayAmount and remaining is incorrectly checked in the flash loan callback function receiveFlashLoan, which causes swap to fail.
Vulnerability Detail
In the receiveFlashLoan function, remaining represents the remaining ETH sent by the user to the contract for swap, which will eventually be returned to the user. The repayAmount indicates the amount of flash loan to be repaid by the agreement. Generally speaking, repayAmount will be greater than remaining, so there is a high probability that revert will occur here. This causes swap to fail.
Impact
Wrong checking causes the swapETHForYt function to revert with a high probability
Code Snippet
uint256 remaining = TransientStorage.tloadU256(TSLOT_CB_DATA_VALUE) - spent;
if (repayAmount > remaining) revert Errors.MetapoolRouterInsufficientETHRepay(); // Can't repay the flash loan
Drynooo
medium
Wrong checking causes the swapETHForYt function to revert with a high probability
Summary
When the swapETHForYt function is called to perform swap, the contract will borrow money through flash loans. The relationship between repayAmount and remaining is incorrectly checked in the flash loan callback function receiveFlashLoan, which causes swap to fail.
Vulnerability Detail
In the receiveFlashLoan function, remaining represents the remaining ETH sent by the user to the contract for swap, which will eventually be returned to the user. The repayAmount indicates the amount of flash loan to be repaid by the agreement. Generally speaking, repayAmount will be greater than remaining, so there is a high probability that revert will occur here. This causes swap to fail.
Impact
Wrong checking causes the swapETHForYt function to revert with a high probability
Code Snippet
Tool used
Manual Review
Recommendation
It is recommended to remove this check.
Duplicate of #36