Moonwell

DeFiFoundry
15,000 USDC
Submission Details
Severity: low
Invalid

Reverting in MErc20DelegateFixer::repayBadDebtWithCash because of amount being greater than badDebt should be avoided by simple logic adjustment

Summary

The require check referenced in Relevant GitHub Links points to a revert that will happen if the amount argument is greater than badDebt in repayBadDebtWithCash. This should be avoided.

Vulnerability Details

Since the badDebt variable is subject to change (lowering), this could lead to buggy behavior for the user if his transaction to repay debt fails due to a big amount or if someone front-runs his transaction with a minimal amount (e.g. 1). Then badDebt will be lowered and his transaction will fail because badDebt will be lower than the amount he provided in the function argument.

Imagine badDebt is equal to 1000*10**18 and two users try to repay some amount of it. User 1 wants to repay 500*10**18 and user 2 wants to repay 1000*10**18.

  1. They send their transactions at the same time and both transactions end up in the same block.

  2. Because user 1 specified a larger fee, his transaction will be included in the block earlier.

  3. User 1 now repaid half of the bad debt, meaning badDebt is now equal to 500*10**18.

  4. User 2's transaction now fails because amount is greater than badDebt, even though he intended to repay the whole badDebt.

Impact

This leads to a small bug/issue and inconvenience because the function will revert any time someone tries to repay with an amount that exceeds badDebt.

Tools Used

Manual review

Recommendations

Add this block of code before the require statement:

if (amount > badDebt) amount = badDebt;
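
The two-user scenario above as a small Python model, added here as an illustration; it is not Moonwell's contract code. The `Tx` class, the fee-descending ordering and the function names are assumptions made for the model, and the sample transactions are constructed from the numbers in the submission.

```python
from dataclasses import dataclass


class Revert(Exception):
    """Models an EVM revert: the transaction leaves state unchanged."""


@dataclass
class Tx:
    sender: str
    amount: int
    fee: int  # assumption: higher fee is ordered earlier within the block


def repay_strict(bad_debt, amount):
    # Behaviour described in the submission: revert when amount > badDebt.
    if amount > bad_debt:
        raise Revert("amount exceeds bad debt")
    return bad_debt - amount, amount


def repay_clamped(bad_debt, amount):
    # Recommended adjustment: if (amount > badDebt) amount = badDebt;
    # The clamped value is also what must be pulled from the caller,
    # otherwise more cash is transferred in than debt is written off.
    paid = min(amount, bad_debt)
    return bad_debt - paid, paid


def run_block(bad_debt, txs, repay):
    """Apply txs in descending fee order; return (remaining badDebt, outcomes)."""
    outcomes = {}
    for tx in sorted(txs, key=lambda t: t.fee, reverse=True):
        try:
            bad_debt, paid = repay(bad_debt, tx.amount)
            outcomes[tx.sender] = paid
        except Revert:
            outcomes[tx.sender] = "reverted"
    return bad_debt, outcomes


UNIT = 10**18
BAD_DEBT = 1000 * UNIT
# Constructed sample: user 1 pays the larger fee, so it is ordered first.
TXS = [Tx("user2", 1000 * UNIT, fee=1), Tx("user1", 500 * UNIT, fee=2)]

if __name__ == "__main__":
    print("strict :", run_block(BAD_DEBT, TXS, repay_strict))
    print("clamped:", run_block(BAD_DEBT, TXS, repay_clamped))
```
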

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
