Moonwell

DeFiFoundry
15,000 USDC
Submission Details
Severity: low
Invalid

repayBadDebtWithCash() function can be called with amount = 0

Summary

In contract MErc20DelegateFixer, the repayBadDebtWithCash() function can be called with argument amount = 0.

Vulnerability Details

Calling the function with amount = 0 emits the event BadDebtRepayed(0), which means no debt has been paid at all. This is undesirable as it introduces new information which really contributes nothing; the rest of the variables of the system are not affected.

Impact

Low impact as it does not affect the operation of the protocol.

Tools Used

Manual review

Recommendations

Add a check to prevent calling the function with argument amount = 0:

function repayBadDebtWithCash(uint256 amount) external nonReentrant {
+ require(amount > 0, "Some debt must be paid!");
/// Checks and Effects
badDebt = SafeMath.sub(badDebt, amount, "amount exceeds bad debt");
EIP20Interface token = EIP20Interface(underlying);
/// Interactions
require(
token.transferFrom(msg.sender, address(this), amount),
"transfer in failed"
);
emit BadDebtRepayed(amount);
}
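
Review bot: The added require on amount is a check, so it should sit below the "/// Checks and Effects" comment rather than above it, and its revert string "Some debt must be paid!" does not match the lowercase, unpunctuated style of "amount exceeds bad debt" and "transfer in failed"; a message such as "amount must be greater than zero" would be consistent. With amount = 0 the SafeMath.sub call leaves badDebt unchanged, so the guard's only effect in the lines shown is to reject the call before the zero-value transferFrom and the BadDebtRepayed(0) event; a short comment saying so would document why the check exists.
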
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
