PuttyV2.withdraw() might revert with zero transfer. #116
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L499-L500
Vulnerability details
Impact
PuttyV2.withdraw() might revert with zero transfer.
So users can't withdraw their funds and tokens.
Proof of Concept
As we can check from previous issue, some ERC20 tokens don't allow transfer of 0 amount.
And when we calculate feeAmount, feeAmount might be zero even though the fee is positive when order.strike is less than 1000.
Then the fee transfer might revert and users can't withdraw their funds and tokens.
Tools Used
Solidity Visual Developer of VSCode
Recommended Mitigation Steps
We can modify this part like below.
The text was updated successfully, but these errors were encountered: