GalloDaSballo / Apollon-Review

Notes for the Apollon Solo Security Review

Decay Coefficient could round down and have an effective slower decay #64

Open GalloDaSballo opened 2 months ago

GalloDaSballo commented 2 months ago

Impact

calcDecayedStableCoinBaseRate calls _minutesPassedSinceLastFeeOp, which rounds down by up to 1 minute - 1

https://github.com/blkswnStudio/ap/blob/8fab2b32b4f55efd92819bd1d0da9bed4b339e87/packages/contracts/contracts/TroveManager.sol#L987-L997

  function calcDecayedStableCoinBaseRate() public view override returns (uint) {
    uint minutesPassed = _minutesPassedSinceLastFeeOp();
    uint decayFactor = LiquityMath._decPow(MINUTE_DECAY_FACTOR, minutesPassed);

    return (stableCoinBaseRate * decayFactor) / DECIMAL_PRECISION;
  }

  function _minutesPassedSinceLastFeeOp() internal view returns (uint) {
    return (block.timestamp - lastFeeOperationTime) / 1 minutes;
  }

This, in conjunction with the logic in _updateLastFeeOpTime

https://github.com/blkswnStudio/ap/blob/8fab2b32b4f55efd92819bd1d0da9bed4b339e87/packages/contracts/contracts/TroveManager.sol#L980-L984

    uint timePassed = block.timestamp - lastFeeOperationTime;
    if (timePassed >= 1 minutes) { /// @audit Can we abuse this in some way? | See ETHOS and eBTC findings
      lastFeeOperationTime = block.timestamp;
      emit LastFeeOpTimeUpdated(block.timestamp);
    }

will make the decay factor decay slower than intended.

This finding was found in the ETHOS contest by Chaduke: https://github.com/code-423n4/2023-02-ethos-findings/issues/33
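
The drift described in the issue above can be measured with a small model. This is an added example, not code from the issue or from the Apollon repository: it models only the decay bookkeeping of the two quoted snippets, and the MINUTE_DECAY_FACTOR value (Liquity's constant), the 5% starting rate, the 119-second spacing and the `whole_minutes_only` remediation are assumptions.

```python
# Added model of the decay bookkeeping quoted above (not the project's code).
DECIMAL_PRECISION = 10**18
# Assumption: Liquity's constant (12-hour half-life); the page does not give Apollon's value.
MINUTE_DECAY_FACTOR = 999037758833783000
ONE_MINUTE = 60

def dec_mul(x, y):
    # 18-decimal fixed-point multiply, rounded half up
    return (x * y + DECIMAL_PRECISION // 2) // DECIMAL_PRECISION

def dec_pow(base, minutes):
    # Exponentiation by squaring, in the style of LiquityMath._decPow
    if minutes == 0:
        return DECIMAL_PRECISION
    y, x, n = DECIMAL_PRECISION, base, minutes
    while n > 1:
        if n % 2:
            y = dec_mul(x, y)
        x = dec_mul(x, x)
        n //= 2
    return dec_mul(x, y)

def simulate(interval_s, ops, whole_minutes_only, start_rate=5 * 10**16):
    """Run `ops` fee operations spaced `interval_s` seconds apart.
    Returns (final base rate, total minutes of decay credited)."""
    now = last_fee_op_time = credited = 0
    rate = start_rate  # constructed sample: 5% base rate
    for _ in range(ops):
        now += interval_s
        minutes = (now - last_fee_op_time) // ONE_MINUTE  # rounds down
        rate = rate * dec_pow(MINUTE_DECAY_FACTOR, minutes) // DECIMAL_PRECISION
        credited += minutes
        if whole_minutes_only:
            # Hypothetical remediation: advance only by the minutes consumed,
            # so the truncated seconds carry over to the next operation.
            last_fee_op_time += minutes * ONE_MINUTE
        elif now - last_fee_op_time >= ONE_MINUTE:
            # Behaviour quoted on the page: jump to block.timestamp,
            # discarding the remainder that was rounded away.
            last_fee_op_time = now
    return rate, credited

if __name__ == "__main__":
    for fixed in (False, True):
        rate, credited = simulate(119, 60, fixed)
        print(f"whole_minutes_only={fixed}: credited {credited} of 119 min, rate {rate / 1e18:.6f}")
```

Over 7140 seconds (119 minutes) of constructed activity, the quoted logic credits 60 minutes of decay, while carrying the remainder forward credits all 119.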

sambP commented 2 months ago
Screenshot 2024-08-27 at 2 52 23 PM