Summary
An incorrect comment will cause developers and auditors to misunderstand the behavior of _repay().
Vulnerability Details
/**
 * @notice Internal function to repay borrowed reserve assets
 * @param amount The amount to repay
@> * @param onBehalfOf The address of the user whose debt is being repaid. If address(0), msg.sender's debt is repaid.
 * @dev This function allows users to repay their own debt or the debt of another user.
 * The caller (msg.sender) provides the funds for repayment in both cases.
@> * If onBehalfOf is set to address(0), the function defaults to repaying the caller's own debt.
 */
function _repay(uint256 amount, address onBehalfOf) internal {
    if (amount == 0) revert InvalidAmount();
@>  if (onBehalfOf == address(0)) revert AddressCannotBeZero();
    ...
}
The comment states: "If onBehalfOf is set to address(0), the function defaults to repaying the caller's own debt."
In the implementation, however, the function reverts with AddressCannotBeZero when onBehalfOf is address(0).
Impact
Developers and auditors may misunderstand the behavior of _repay().
Tools Used
Manual review
Recommendations
Update the function so that it matches the comment:
function _repay(uint256 amount, address onBehalfOf) internal {
if (amount == 0) revert InvalidAmount();
- if (onBehalfOf == address(0)) revert AddressCannotBeZero();
+ if (onBehalfOf == address(0)) onBehalfOf = msg.sender;
...
}
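Review bot: Silently defaulting onBehalfOf to msg.sender on the `+` line changes runtime behaviour to resolve what the report describes as a comment error. A caller that passes an unset (zero) address by mistake would have its funds applied to its own debt instead of receiving the AddressCannotBeZero revert. If the revert is the intended behaviour, keep the removed check and correct the `@param onBehalfOf` and `@dev` comment lines instead. If the default is intended, state that in the change description and confirm that msg.sender inside this internal function is the account the comment means by "the caller".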