Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Inconsistent Behavior in `_repay` Function

Summary

An inconsistency exists between the _repay function's documentation and its implementation. The docstring states that if onBehalfOf is set to address(0), the function should default to repaying the caller’s own debt. However, in the actual implementation, if onBehalfOf is address(0), the function reverts with AddressCannotBeZero().

Vulnerability Details

The function _repay includes the following logic:

```solidity
if (onBehalfOf == address(0)) revert AddressCannotBeZero();
```

The docstring indicates that when onBehalfOf is address(0), the function should default to repaying msg.sender's debt. However, the actual implementation contradicts this by reverting when onBehalfOf is address(0). This inconsistency can lead to unexpected behavior for developers integrating with this function, potentially causing unintended transaction failures.

Impact

User Experience: Developers relying on the docstring may attempt to call _repay(100, address(0)), expecting msg.sender’s debt to be repaid, but will instead face a revert.

Smart Contract Integrity: If external systems rely on the documented behavior, this discrepancy could cause failures in integrations and automated transactions.

Trust Issues: Such inconsistencies reduce the reliability of the contract, making it harder for developers and auditors to trust the code’s intended functionality.

Tools Used

Manual Review

Recommendations

Fix the Implementation: Modify the function to align with the docstring by allowing onBehalfOf == address(0) and setting onBehalfOf = msg.sender in such cases.

```solidity
if (onBehalfOf == address(0)) {
    onBehalfOf = msg.sender;
}
```

Update Documentation: If reverting is the intended behavior, update the docstring to accurately reflect that onBehalfOf cannot be address(0), preventing confusion among developers.

Improve Testing: Implement test cases to validate expected behavior when onBehalfOf is set to address(0), ensuring correct functionality and documentation alignment.
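
The two consistent resolutions recommended above, each with its docstring and a check that pins the behavior, as an added example that is not the audited contract's code. `RepayModel`, `repayStrict`, `repayDefaulting`, `borrow`, `debtOf` and `RepaySpecCheck` are hypothetical names, and the debt bookkeeping is a simplified assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal model, not the audited contract: only the
// onBehalfOf handling is reproduced. Token transfers are omitted.
contract RepayModel {
    error AddressCannotBeZero();

    mapping(address => uint256) public debtOf;

    function borrow(uint256 amount) external {
        debtOf[msg.sender] += amount;
    }

    /// @notice Strict variant: code and docstring both say zero is rejected.
    /// @param onBehalfOf Debtor to repay for. MUST NOT be address(0).
    function repayStrict(uint256 amount, address onBehalfOf) external {
        if (onBehalfOf == address(0)) revert AddressCannotBeZero();
        _reduce(onBehalfOf, amount);
    }

    /// @notice Defaulting variant: address(0) means "repay my own debt".
    /// @param onBehalfOf Debtor to repay for; address(0) selects msg.sender.
    function repayDefaulting(uint256 amount, address onBehalfOf) external {
        if (onBehalfOf == address(0)) onBehalfOf = msg.sender;
        _reduce(onBehalfOf, amount);
    }

    function _reduce(address debtor, uint256 amount) private {
        uint256 owed = debtOf[debtor];
        debtOf[debtor] = owed - (amount > owed ? owed : amount);
    }
}

// Framework-free check that pins each variant to its docstring.
contract RepaySpecCheck {
    function run() external returns (bool) {
        RepayModel m = new RepayModel();
        m.borrow(100); // this contract is msg.sender, so it owes 100

        try m.repayStrict(40, address(0)) {
            return false; // documented revert did not happen
        } catch (bytes memory reason) {
            if (bytes4(reason) != RepayModel.AddressCannotBeZero.selector) return false;
        }
        m.repayDefaulting(40, address(0));
        return m.debtOf(address(this)) == 60;
    }
}
```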

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
