The flashloan() function is designed to allow users to borrow tokens as long as they are repaid with a fee within the same transaction.
However, the function does not validate that the amount is greater than zero, allowing zero-value flashloans to be executed.
Likelihood:
Function is externally callable with arbitrary parameters
No restriction prevents zero-value flashloans
Impact:
Unnecessary execution and gas consumption for no-op transactions
Potential inconsistencies if other logic assumes non-zero amounts
Zero-value flashloan executes without reverting
Behavior:
No tokens are transferred
Function still executes core logic including fee calculation and state updates
Enforce non-zero amount using existing validation helper
The contest is live. Earn rewards by submitting a finding.
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsThe contest is complete and the rewards are being distributed.