This repository has been archived by the owner on Nov 19, 2023. It is now read-only.
xiaoming90 - Residual amount is not refunded #197
Labels
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
xiaoming90
high
Residual amount is not refunded
Summary
The residual amount will not be refunded back to the account.
Vulnerability Detail
https://github.com/sherlock-audit/2023-03-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultAccount.sol#L571
Let$a$ be $a$ .
accountPrimeStorageValue
. In Line 571,netPrimeDebtChange
is set toIn Line 575,$a - a$ . For any number $a$ from itself always equals zero. As a result,
netPrimeDebtChange.sub(accountPrimeStorageValue)
is equivalent toa
, the result of subtractingprimeCashRefund
will also always be zero after the conversion.Impact
Loss of assets for the users as the residual amount will not be refunded back to the account.
Code Snippet
https://github.com/sherlock-audit/2023-03-notional/blob/main/contracts-v2/contracts/internal/vaults/VaultAccount.sol#L571
Tool used
Manual Review
Recommendation
It is recommended to implement the following change:
Duplicate of #172
The text was updated successfully, but these errors were encountered: