Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Repayment Function Using Incorrect Amount Parameter

Summary

The _repay function is designed to facilitate the repayment of borrowed reserve assets. However, the function uses amount instead of actualRepayAmount when calling burn() and transferring reserve assets. This can lead to inconsistencies where the amount burned does not match the amount transferred, potentially causing accounting discrepancies.

Vulnerability Details

  • The function first determines actualRepayAmount, which caps the repayment amount at the user's scaled debt balance.

  • However, amount is still used when calling burn().

  • The function comment suggests that overpayments (extra dust) should be allowed, but without proper validation, this could introduce unintended behavior.

Impact

  • Potential Overpayment: If amount is larger than actualRepayAmount, excess funds may be transferred but not properly accounted for.

Tools Used

  • Manual code review

Recommendations

  • Replace amount with actualRepayAmount in the burn() call.

  • Introduce additional checks to ensure that overpayments (extra dust) are properly accounted for or refunded.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
