ETH can be accidentally sent with ERC20 in sendOutTokenOrETH function #507
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-355
partial-50
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/LineLib.sol#L34-L51
Vulnerability details
Impact
ETH can be accidentally sent with ERC20 in sendOutTokenOrETH function
User who wants to send ERC20 due to payable function can write a value in the value field
Proof of Concept
Recommended Mitigation Steps
ETH can be sent by mistake with ERC20 in sendOutTokenOrETH function, it is enough to add a simple require to prevent this
The text was updated successfully, but these errors were encountered: