Flashloan._loan() does not need the fee, it will cause protocol loss fund.

Summary

Vulnerability Detail

As we can see , Flashloan._loan() does not need the fee, just transfer amount to user, it will cause protocol loss fund.

function _loan(IERC3156FlashBorrower receiver, address token, uint256 amount, bytes memory data, address msgSender)
        internal
    {
        IronBankInterface(ironBank).borrow(address(this), address(receiver), token, amount);

        require(receiver.onFlashLoan(msgSender, token, amount, 0, data) == CALLBACK_SUCCESS, "callback failed"); // no fee

        IERC20(token).safeTransferFrom(address(receiver), address(this), amount);//@audit 

        uint256 allowance = IERC20(token).allowance(address(this), ironBank);
        if (allowance < amount) {
            IERC20(token).safeApprove(ironBank, type(uint256).max);
        }

        IronBankInterface(ironBank).repay(address(this), address(this), token, amount);
    }

Impact

it will cause protocol loss fund.

Code Snippet

https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/flashLoan/FlashLoan.sol#L104

Tool used

Manual Review

Recommendation

adding fee such using calculate rate.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

035.md

035.md

Flashloan._loan() does not need the fee, it will cause protocol loss fund.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

035.md

Latest commit

History

035.md

File metadata and controls

Flashloan._loan() does not need the fee, it will cause protocol loss fund.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation