The transferExcess function has a flaw which allows an attacker to exploit excess funds multiple times. There needs to be a modifier and state change that checks if excess funds have been withdrawn.
Steps to reproduce:
Create Market
Lend 10Ξ Account 0
Borrow 5Ξ Account 1
Withdraw 5Ξ Account 1
Repay 5Ξ Account 1
Collect 5Ξ Account 0
Transfer Excess 5Ξ Account 0
Transfer Excess 5Ξ Account 0
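
A sketch of the modifier and state change the report calls for, as an added example that is not the project's own code. Every name except transferExcess is hypothetical, and it assumes one position per lender per market, with the excess being the supplied amount minus the amount matched to borrowers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Contract, struct, field and modifier names are
// hypothetical; withdraw, repay and collect are omitted for brevity.
contract ExcessGuardSketch {
    struct Position {
        uint256 supplied;      // wei the lender offered to the market
        uint256 matched;       // portion of the offer taken by borrowers
        bool excessWithdrawn;  // set once the unmatched portion is paid out
    }

    // marketId => lender => position
    mapping(uint256 => mapping(address => Position)) public positions;

    function lend(uint256 marketId) external payable {
        Position storage p = positions[marketId][msg.sender];
        require(!p.excessWithdrawn, "position already settled");
        p.supplied += msg.value;
    }

    // Simplified matching: records a borrow against one lender's offer.
    function borrow(uint256 marketId, address lender, uint256 amount) external {
        Position storage p = positions[marketId][lender];
        require(!p.excessWithdrawn, "excess already returned");
        require(p.matched + amount <= p.supplied, "exceeds offer");
        p.matched += amount;
    }

    // The check the report asks for: reject a second excess withdrawal.
    modifier excessNotWithdrawn(uint256 marketId) {
        require(
            !positions[marketId][msg.sender].excessWithdrawn,
            "excess already withdrawn"
        );
        _;
    }

    function transferExcess(uint256 marketId) external excessNotWithdrawn(marketId) {
        Position storage p = positions[marketId][msg.sender];
        uint256 excess = p.supplied - p.matched;
        require(excess > 0, "no excess");
        p.excessWithdrawn = true; // state change before the external call
        (bool ok, ) = payable(msg.sender).call{value: excess}("");
        require(ok, "send failed");
    }
}
```

With the flag set before the transfer, the second "Transfer Excess" in the steps above reverts in the modifier instead of paying out again.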