Too much ETH in receiveTokenOrETH not reimbursed #124
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-39
satisfactory: Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/d7ef66035ddf873b0c96804a1c9deeebb1f798ea/contracts/utils/LineLib.sol#L71
Vulnerability details
Impact
In LineLib.receiveTokenOrETH, the only check on the ETH path is that msg.value is greater than or equal to amount. Therefore, when a user accidentally pays too much ETH, the surplus (msg.value minus amount) is kept by the contract without any accounting entry and is lost to the user. Note that this differs from ERC20 tokens, where the exact amount is enforced (the contract pulls exactly amount via transferFrom), so overpaying is not possible on that path.
Proof Of Concept
Alice calls LineOfCredit.addCredit to add a credit with 1 ETH. While amount is set to 1 ETH (10**18), she accidentally sends 2 ETH with the call. Only 1 ETH is credited; the additional 1 ETH is lost and cannot be recovered.
Recommended Mitigation Steps
Either enforce that msg.value matches amount exactly (mirroring the ERC20 path), or reimburse the additional ETH to the sender.
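The following Solidity example is added here to illustrate the finding and both mitigations; it is not code from the Line-of-Credit repository. The vulnerable function is modelled on the description above, not copied from LineLib.sol. ETH_SENTINEL (standing in for the project's ETH denomination constant), IERC20Minimal, ReceiveExample and Vault are all assumed names, and the ERC20 path uses a plain return-value check rather than the project's safe-transfer wrapper. The hardened functions also reject stray ETH sent with an ERC20 deposit, which goes beyond what the finding itself describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration for this finding; not the project's code.
// ETH_SENTINEL is an assumed stand-in for the project's ETH denomination constant.
address constant ETH_SENTINEL = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;

interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

library ReceiveExample {
    error TransferFailed();
    error IncorrectETHAmount(uint256 expected, uint256 received);

    // Shape of the check the finding describes: on the ETH path only
    // msg.value >= amount is enforced, so any surplus (msg.value - amount)
    // stays in the contract with no accounting entry and no way to withdraw it.
    function receiveVulnerable(address token, address sender, uint256 amount) internal {
        if (token == ETH_SENTINEL) {
            if (msg.value < amount) revert TransferFailed();
        } else {
            // The ERC20 path pulls exactly `amount`, so overpaying is impossible here.
            if (!IERC20Minimal(token).transferFrom(sender, address(this), amount)) {
                revert TransferFailed();
            }
        }
    }

    // Mitigation A: require the exact amount, mirroring the ERC20 path.
    // Also rejects stray ETH sent along with an ERC20 deposit.
    function receiveExact(address token, address sender, uint256 amount) internal {
        if (token == ETH_SENTINEL) {
            if (msg.value != amount) revert IncorrectETHAmount(amount, msg.value);
        } else {
            if (msg.value != 0) revert IncorrectETHAmount(0, msg.value);
            if (!IERC20Minimal(token).transferFrom(sender, address(this), amount)) {
                revert TransferFailed();
            }
        }
    }

    // Mitigation B: accept msg.value >= amount and refund the surplus to `sender`.
    // The refund is an external call, so callers must finish their own state
    // updates before calling this (checks-effects-interactions) or add a
    // reentrancy guard.
    function receiveAndRefund(address token, address sender, uint256 amount) internal {
        if (token == ETH_SENTINEL) {
            if (msg.value < amount) revert TransferFailed();
            uint256 surplus = msg.value - amount;
            if (surplus != 0) {
                (bool ok, ) = payable(sender).call{value: surplus}("");
                if (!ok) revert TransferFailed();
            }
        } else {
            if (msg.value != 0) revert IncorrectETHAmount(0, msg.value);
            if (!IERC20Minimal(token).transferFrom(sender, address(this), amount)) {
                revert TransferFailed();
            }
        }
    }
}

// Hypothetical caller reproducing the PoC: with amount = 1 ether and
// msg.value = 2 ether, depositVulnerable credits 1 ether and strands 1 ether,
// while depositFixed reverts with IncorrectETHAmount(1 ether, 2 ether).
contract Vault {
    using ReceiveExample for address;

    mapping(address => mapping(address => uint256)) public credited;

    function depositVulnerable(address token, uint256 amount) external payable {
        credited[msg.sender][token] += amount;      // only `amount` is recorded
        token.receiveVulnerable(msg.sender, amount); // surplus ETH is stranded
    }

    function depositFixed(address token, uint256 amount) external payable {
        credited[msg.sender][token] += amount;       // effects before interactions
        token.receiveExact(msg.sender, amount);      // reverts on any mismatch
    }
}
```

Of the two mitigations, the exact-match check is the simpler and safer default: it needs no external call, gives the caller a clear revert instead of a silent loss, and keeps the ETH path consistent with the ERC20 path. The refund variant is appropriate only where the protocol deliberately wants to tolerate overpayment, and then the caller must order state updates before the refund.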