excess eth passed to LineOfCredit is stuck
#307
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-39
edited-by-warden
satisfactory: Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/master/contracts/utils/LineLib.sol#L71
Vulnerability details
Impact
Excess eth sent to LineOfCredit is stuck in the contract. SecuredLine and SpigotedLine both have a sweep that can eventually release the eth. But this kind of applies to them too, as it requires the debt to be repaid or only the arbiter can retrieve them.
Proof of Concept
PoC test in LineOfCredit.t.sol
Tools Used
vscode, forge
Recommended Mitigation Steps
change:
There's never any reason to send more eth than stated in amount to the contract.
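The failure mode described above, as an added example that is not code from the Line-of-Credit repository: a lower-bound-only check on msg.value beside a strict one, plus a view that exposes any unaccounted balance. The contract, its function names and the assumption that the receive check only enforces a lower bound are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Hypothetical sketch, not the project's LineLib or LineOfCredit code.
contract EthReceiverSketch {
    error TransferFailed();

    // ETH the contract has accounted for, per depositor and in total.
    mapping(address => uint256) public credited;
    uint256 public totalCredited;

    // Assumed lenient form: only a lower bound on msg.value is enforced.
    // `amount` is credited, so any ETH above it enters the contract
    // balance without being attributed to anyone.
    function depositLenient(uint256 amount) external payable {
        if (msg.value < amount) revert TransferFailed();
        _credit(msg.sender, amount);
    }

    // Strict form: the call reverts unless exactly `amount` is attached,
    // so no unaccounted ETH can enter through this path.
    function depositStrict(uint256 amount) external payable {
        if (msg.value != amount) revert TransferFailed();
        _credit(msg.sender, amount);
    }

    function _credit(address who, uint256 amount) private {
        credited[who] += amount;
        totalCredited += amount;
    }

    // Invariant for tests and monitoring: with only depositStrict in use
    // this stays 0; after an overpaying depositLenient call it equals the
    // excess that was sent. (This sketch has no withdrawal path, so the
    // balance is never below totalCredited.)
    function unaccountedEth() external view returns (uint256) {
        return address(this).balance - totalCredited;
    }
}
```

In a forge test, calling depositLenient{value: 2 ether}(1 ether) leaves unaccountedEth() at 1 ether, while the same call against depositStrict reverts with TransferFailed.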