In MErc20DelegateFixer.sol, the function repayBadDebtWithCash doesn't check amount, so it can be zero. A zero-amount call wouldn't change anything, and the user pays the gas for nothing.
The vulnerability lies in the function repayBadDebtWithCash within the MErc20DelegateFixer.sol contract. This function lacks a check for the amount parameter, allowing it to be zero. As a result, users can execute the function with a zero amount, which would not alter the contract state but still incur gas costs to the user.
The impact of this vulnerability is primarily financial and operational. Users may unknowingly or intentionally call the repayBadDebtWithCash function with a zero amount, expecting to repay debt but achieving no change in the contract state. However, they would still be charged transaction fees for gas usage. Over time, this could lead to unnecessary gas expenditure for users and potential frustration due to the lack of expected outcomes. Additionally, it could introduce inefficiencies in the contract's operation and undermine user trust in the system's functionality.
Manual Review
Consider adding a require check that amount > 0.