code-423n4 / 2021-04-vader-findings

Interest debt is capped after a year #219

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

@cmichelio

Vulnerability details

The Utils.getInterestOwed function computes the _interestPayment as:

uint256 _interestPayment =
  calcShare(
      timeElapsed,
      _year,
      getInterestPayment(collateralAsset, debtAsset)
  ); // Share of the payment over 1 year

However, calcShare caps timeElapsed to _year and therefore the owed interest does not grow after a year has elapsed.

Impact

The impact is probably small because the only call so far computes the elapsed time as block.timestamp - mapCollateralAsset_NextEra[collateralAsset][debtAsset]; which most likely will never go beyond a year.

It's still recommended to fix the logic bug in case more functions will be added that use the broken function.

Recommended Mitigation Steps

Use a different function than calcShare that does not cap.
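
The capping behaviour reported above and an uncapped alternative, as an added Python model that is not part of the original report or the Vader code base. The body of calc_share_capped is reconstructed only from the report's statement that calcShare caps its first argument at the second; the value of YEAR, the zero-total handling, the sample amounts and the name pro_rata are assumptions.

```python
# Added illustration: Python model of the interest calculation described in the report.
# Floor division (//) mirrors Solidity uint256 division.

YEAR = 365 * 24 * 60 * 60  # assumed value of _year, in seconds


def calc_share_capped(part: int, total: int, amount: int) -> int:
    """Model of calcShare as the report describes it: part is capped at total."""
    if part > total:
        part = total  # the cap that freezes interest after one year
    if total == 0:
        return 0  # assumption: a zero total yields a zero share
    return amount * part // total


def pro_rata(part: int, total: int, amount: int) -> int:
    """Hypothetical uncapped replacement: amount * part / total with no clamp."""
    if total == 0:
        raise ValueError("total must be non-zero")
    return amount * part // total


def interest_owed(time_elapsed: int, yearly_payment: int, share_fn) -> int:
    """Same shape as the getInterestOwed expression: share of the payment over 1 year."""
    return share_fn(time_elapsed, YEAR, yearly_payment)


def shortfall(time_elapsed: int, yearly_payment: int) -> int:
    """Interest that the capped calculation fails to charge."""
    return (interest_owed(time_elapsed, yearly_payment, pro_rata)
            - interest_owed(time_elapsed, yearly_payment, calc_share_capped))


if __name__ == "__main__":
    yearly = 1_000 * 10**18  # constructed sample: yearly payment in 18-decimal units
    for days in (182, 365, 366, 730):
        t = days * 24 * 60 * 60
        print(days,
              interest_owed(t, yearly, calc_share_capped),
              interest_owed(t, yearly, pro_rata),
              shortfall(t, yearly))
```
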

strictly-scarce commented 3 years ago

A member who doesn't interact with the contract for more than a year misses out on some rewards, so severity:1