This repository has been archived by the owner on Nov 19, 2023. It is now read-only.
bin2chen - repayAccountPrimeDebtAtSettlement() user lost residual cash #172
Labels
Has Duplicates: A valid issue with 1+ other issues describing the same vulnerability
High: A valid High severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid
Will Fix: The sponsor confirmed this issue will be fixed
bin2chen
high
repayAccountPrimeDebtAtSettlement() user lost residual cash
Summary
In repayAccountPrimeDebtAtSettlement(), the primeCashRefund value is calculated incorrectly (always == 0), resulting in the loss of the user's residual cash.
Vulnerability Detail
Settling a vault account executes settleVaultAccount() -> repayAccountPrimeDebtAtSettlement().
In the repayAccountPrimeDebtAtSettlement() method, the residual amount will be refunded to the user. The code is as follows.
From the above code we can see that there is a spelling error, so primeCashRefund always == 0.
It should be:
primeCashRefund = netPrimeDebtRepaid - accountPrimeStorageValue
Impact
primeCashRefund is always == 0, so the user loses the residual cash.
Code Snippet
https://github.com/sherlock-audit/2023-03-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultAccount.sol#L575
Tool used
Manual Review
Recommendation
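The following is an added example, not code from the original report or from the Notional code base: a simplified Python model of the refund calculation, with a conservation check that flags any settlement where cash applied is neither used against debt nor refunded. It assumes positive integer magnitudes with no rate conversion, and the wrong operand in the buggy variant (`net_prime_debt_change`) is a hypothetical name standing in for the misspelled variable, since the report's code listing is not present on the page.

```python
def settle_buggy(net_prime_debt_repaid, account_prime_storage_value):
    """Model of the reported behaviour: returns (debt_cleared, refund)."""
    if net_prime_debt_repaid > account_prime_storage_value:
        # Hypothetical local (name assumed): clamped to the account's debt.
        net_prime_debt_change = account_prime_storage_value
        # Wrong operand: the clamped value minus itself is always 0.
        refund = net_prime_debt_change - account_prime_storage_value
        return net_prime_debt_change, refund
    return net_prime_debt_repaid, 0


def settle_fixed(net_prime_debt_repaid, account_prime_storage_value):
    """Same model using the formula the report gives as correct."""
    if net_prime_debt_repaid > account_prime_storage_value:
        refund = net_prime_debt_repaid - account_prime_storage_value
        return account_prime_storage_value, refund
    return net_prime_debt_repaid, 0


def conservation_violations(settle, cases):
    """Return cases where cash applied != debt cleared + refund (value lost)."""
    lost = []
    for repaid, debt in cases:
        cleared, refund = settle(repaid, debt)
        if cleared + refund != repaid:
            lost.append((repaid, debt, repaid - cleared - refund))
    return lost


# Constructed sample inputs: (cash applied, outstanding debt), integer units.
CASES = [(50, 100), (100, 100), (130, 100), (1_000, 1)]

if __name__ == "__main__":
    print("buggy:", conservation_violations(settle_buggy, CASES))
    print("fixed:", conservation_violations(settle_fixed, CASES))
```

A check of this shape, run as a unit or fuzz test against the settlement path, fails on every overpayment case while the refund is computed from the wrong variable.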