Excess ETH should be returned #94
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-39
partial-50
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/audit/code4rena-2022-11-03/contracts/utils/LineLib.sol#L71
Vulnerability details
Impact
Only msg.value > amount is allowed here, but the excess (msg.value - amount) is not returned to the user.
Proof of Concept
Tools Used
vscode
Recommended Mitigation Steps
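The pattern this finding describes, next to two ways to close it, as an added example. It is not the LineLib.sol code or the reporter's proof of concept, and the contract, mapping and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration; all names here are hypothetical, not the audited project's code.
contract EthReceiverExample {
    error TransferFailed();

    // Amount of ETH accounted to each depositor.
    mapping(address => uint256) public credited;

    // Pattern described in the finding: any msg.value at or above `amount`
    // passes the check, only `amount` is accounted for, and the surplus
    // (msg.value - amount) stays in the contract with no owner.
    function depositKeepsExcess(uint256 amount) external payable {
        if (msg.value < amount) revert TransferFailed();
        credited[msg.sender] += amount;
    }

    // Mitigation A: accept only the exact amount, so a surplus cannot exist.
    function depositExact(uint256 amount) external payable {
        if (msg.value != amount) revert TransferFailed();
        credited[msg.sender] += amount;
    }

    // Mitigation B: tolerate overpayment but send the difference back.
    // State is updated before the external call (checks-effects-interactions),
    // and a failed refund reverts the whole deposit.
    function depositWithRefund(uint256 amount) external payable {
        if (msg.value < amount) revert TransferFailed();
        credited[msg.sender] += amount;
        uint256 excess = msg.value - amount;
        if (excess > 0) {
            (bool ok, ) = payable(msg.sender).call{value: excess}("");
            if (!ok) revert TransferFailed();
        }
    }
}
```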