Contract fails to deliver promised returns, but doesn't lose value
Description
Brief/Intro
`mintDebt()` and `repayDebt()` are used to mint debt and repay the debt by a user.
Vulnerability Details
`mintDebt()` and `repayDebt()` currently return `shares` inputted by the users and not the corresponding `assets` ```solidity function repayDebt( uint256 shares ) public whenNotPaused returns (uint256 assets) { assets = convertToAssets(shares);
// Check the current debt of the debtor.
if (currentDebt[msg.sender] < assets) {
revert ExcessiveDebtRepayment(
msg.sender,
currentDebt[msg.sender],
assets
);
}
// Decrease the debt of the debtor.
currentDebt[msg.sender] -= assets;
emit DebtRepaid(msg.sender, currentDebt[msg.sender], assets, shares);
// Decrease the total debt.
totalDebt -= assets;
// Burn the shares from the debtor.
super._burn(msg.sender, shares);
return shares;
}
``` ```solidity function mintDebt( uint256 shares, address receiver ) public whenNotPaused returns (uint256 assets) { assets = convertToAssets(shares);
// Increase the debt of the debtor.
currentDebt[msg.sender] += assets;
// Check the maximum debt allowance of the debtor.
if (currentDebt[msg.sender] > allowedDebt[msg.sender]) {
revert InsufficientDebtAllowance(
msg.sender,
allowedDebt[msg.sender],
currentDebt[msg.sender]
);
}
emit DebtMinted(msg.sender, currentDebt[msg.sender], assets, shares);
// Increase the total debt.
totalDebt += assets;
// Mint the shares to the receiver.
super._mint(receiver, shares);
return shares;
}
```
Impact Details
The ERC4626 standard states that minting shares must return assets as return value. But this doesn't follow the standard and may cause integration issues with some smart contracts. This can also cause confusion to users, particularly when the shares : assets ratio isn't 1:1
