Platform: Code4rena
Start Date: 03/11/2022
Pot Size: $115,500 USDC
Total HM: 17
Participants: 120
Period: 7 days
Judge: LSDan
Total Solo HM: 1
Id: 174
League: ETH
Rank: 118/120
Findings: 1
Award: $4.04
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xdeadbeef0x
Also found by: 8olidity, Ch_301, HE1M, Koolex, Lambda, Nyx, RedOneN, Ruhum, Tomo, Trust, adriro, aphak5010, ayeslick, berndartmueller, brgltd, carlitox477, cccz, codexploder, d3e4, eierina, eighty, immeas, joestakey, lotux, minhquanym, perseverancesuccess, rbserver, rvierdiiev
4.0405 USDC - $4.04
https://github.com/debtdao/Line-of-Credit/blob/6987988fe39901cad9a8e5ebb2c6aa719590873d/contracts/modules/credit/LineOfCredit.sol#L237 https://github.com/debtdao/Line-of-Credit/blob/6987988fe39901cad9a8e5ebb2c6aa719590873d/contracts/modules/credit/LineOfCredit.sol#L280 https://github.com/debtdao/Line-of-Credit/blob/6987988fe39901cad9a8e5ebb2c6aa719590873d/contracts/utils/LineLib.sol#L71
The functions that deal with creating or adding credit take the "amount" parameter as input. However, the amount of currency to be deposited, in the case of choosing the ETH token, corresponds to the value of msg.value which may differ from the "amount" parameter. The receiveTokenOrETH function only checks that msg.value is less than amount but this allows msg.value to be greater than amount and therefore more funds than those actually associated with the lender are transferred.
VSCode
changed LineLib.sol from:
if(msg.value < amount) { revert TransferFailed(); }
into
if(msg.value != amount) { revert TransferFailed(); }
#0 - c4-judge
2022-11-17T16:30:07Z
dmvt marked the issue as duplicate of #25
#1 - c4-judge
2022-11-17T19:29:05Z
dmvt marked the issue as partial-50
#2 - C4-Staff
2022-12-20T06:44:54Z
liveactionllama marked the issue as duplicate of #39