Beneficiary is credited additional ETH above premium #324

Closed
HardlyDifficult opened this issue May 30, 2022 · 2 comments


@HardlyDifficult
Collaborator

From horsefacts in #294

Beneficiary is credited additional ETH above premium
The Cally#buyOption function ensures that the caller sends an ETH amount equal to or greater than the calculated premium:

buyOption#L224

   require(msg.value >= premium, "Incorrect ETH amount sent");

It then credits the beneficiary with an amount equal to msg.value:

buyOption#L250

    ethBalance[beneficiary] += msg.value;

If the caller of buyOption sends excess ETH above the premium amount, this additional amount is credited to the beneficiary.

Recommendation: If this is intentional, clearly document this behavior for end users. If not, consider requiring an exact premium amount rather than accepting additional ETH.

@HardlyDifficult added the labels "bug" (Something isn't working), "duplicate" (This issue or pull request already exists), and "2 (Med Risk)" (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value) on May 30, 2022
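
The accounting described in the report above, next to two ways of closing the gap, as an added Solidity sketch that is not part of the original issue or the Cally code base. The contract name, the fixed `premium`, the single `beneficiary`, the three function names, and `withdraw` are assumptions; the excess-credit variant goes beyond the report's recommendation, which names only the exact-amount check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Constructed illustration; not the Cally contract. Only the require() and
/// the balance update in buyOptionAsReported() are quoted from the report.
contract PremiumAccountingSketch {
    mapping(address => uint256) public ethBalance;
    uint256 public immutable premium;      // assumed: fixed premium for the sketch
    address public immutable beneficiary;  // assumed: single beneficiary

    constructor(uint256 premium_, address beneficiary_) {
        premium = premium_;
        beneficiary = beneficiary_;
    }

    /// Behaviour described in the report: msg.value - premium is credited
    /// to the beneficiary whenever the caller overpays.
    function buyOptionAsReported() external payable {
        require(msg.value >= premium, "Incorrect ETH amount sent");
        ethBalance[beneficiary] += msg.value;
    }

    /// Option A (the report's recommendation): require the exact premium,
    /// so an overpaying call reverts and no excess can exist.
    function buyOptionExact() external payable {
        require(msg.value == premium, "Incorrect ETH amount sent");
        ethBalance[beneficiary] += premium;
    }

    /// Option B (assumption, beyond the report): accept overpayment, credit
    /// only the premium, and book the excess to the payer for later withdrawal.
    function buyOptionCreditExcess() external payable {
        require(msg.value >= premium, "Incorrect ETH amount sent");
        ethBalance[beneficiary] += premium;
        uint256 excess = msg.value - premium;
        if (excess > 0) ethBalance[msg.sender] += excess;
    }

    /// Pull-style withdrawal; the balance is zeroed before the external call.
    function withdraw() external {
        uint256 amount = ethBalance[msg.sender];
        ethBalance[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}
```
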
@HardlyDifficult
Collaborator Author

Dupe of #84

@JeeberC4 removed the labels "bug" (Something isn't working), "duplicate" (This issue or pull request already exists), and "2 (Med Risk)" (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value) on Jun 6, 2022
@JeeberC4
Contributor

JeeberC4 commented Jun 6, 2022

Issue recreated with script that includes all required data.
