lucas-manuel
commented
3 years ago Informational, will not address
Open code423n4 opened 3 years ago
lucas-manuel
commented
3 years ago Informational, will not address
Handle
gpersoon
Vulnerability details
Impact
The function getNextPayment in RepaymentCalc.sol makes a calculation based on 365 days. However a year does not exactly contain 365 days, depending on it being a leap year. So the calculations might be slightly off.
Proof of Concept
RepaymentCalc.sol: function getNextPayment(address _loan) view public returns(uint256, uint256, uint256) { .. uint256 interest = principalOwed .mul(loan.apr()) .mul(loan.paymentIntervalSeconds()) .div(10_000) .div(365 days);
Tools Used
Editor
Recommended Mitigation Steps
Check if the difference for leap years is relevant. Perhaps add a comment if the difference is ignored.