code-423n4 / 2021-04-basedloans-findings


function getUnderlyingPrice compares against "cETH" #26

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

paulius.eth

Vulnerability details

Impact

Contract CompoundLens functions cTokenMetadata and cTokenBalances compare against "bETH", while contract SimplePriceOracle function getUnderlyingPrice compares against "cETH". It is not clear if this SimplePriceOracle will be used in production, probably only for testing, but it would still be nice to unify it across all the contracts.

Recommended Mitigation Steps

Replace "cETH" with "bETH" in SimplePriceOracle function getUnderlyingPrice.

ghoul-sol commented 3 years ago

This is not meant to be used in production; however, this contract is confusing and would not work if used, so it was deleted. Thanks for pointing it out!