code-423n4 / 2021-09-wildcredit-findings


Reduce risk of rounding error in _timeRateToBlockRate #36

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

gpersoon

Vulnerability details

Impact

If _timeRateToBlockRate would be called with a relatively low value for _uint, a rounding error could occur. This is because _uint is divided by 365 and 86400 first and Solidity doesn't have floating points. Generally it's better to first multiply and then divide, unless an overflow could occur, which doesn't seem relevant here.

Proof of Concept

https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/InterestRateModel.sol#L104

function _timeRateToBlockRate(uint _uint) private view returns(uint) {
  return _uint / 365 / 86400 * BLOCK_TIME / 1e18;
}

Tools Used

Recommended Mitigation Steps

replace
return _uint / 365 / 86400 * BLOCK_TIME / 1e18;
with
return _uint * BLOCK_TIME / (365 * 86400 * 1e18);
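The truncation described in this finding, modelled in Python as an added example (not part of the original report or the WildCredit code). Python's `//` on non-negative integers truncates the same way Solidity's uint division does. The `BLOCK_TIME` value and all helper names are assumptions, since the page does not state `BLOCK_TIME`.

```python
# Models Solidity uint256 arithmetic: truncating division, revert on overflow.
UINT256_MAX = 2**256 - 1
SECONDS_PER_YEAR = 365 * 86400
WAD = 10**18
# ASSUMED value (13.2 s scaled by 1e18); the page does not give BLOCK_TIME.
BLOCK_TIME = 132 * 10**17


def checked_mul(a: int, b: int) -> int:
    """Multiply like checked uint256 arithmetic: fail instead of wrapping."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return product


def block_rate_divide_first(rate: int) -> int:
    # Original: return _uint / 365 / 86400 * BLOCK_TIME / 1e18;
    return checked_mul(rate // 365 // 86400, BLOCK_TIME) // WAD


def block_rate_multiply_first(rate: int) -> int:
    # Recommended: return _uint * BLOCK_TIME / (365 * 86400 * 1e18);
    return checked_mul(rate, BLOCK_TIME) // (SECONDS_PER_YEAR * WAD)


def compare(rate: int) -> tuple[int, int, int]:
    """Return (divide_first, multiply_first, units lost to early truncation)."""
    early = block_rate_divide_first(rate)
    late = block_rate_multiply_first(rate)
    return early, late, late - early


def max_safe_input() -> int:
    """Largest _uint for which _uint * BLOCK_TIME still fits in uint256."""
    return UINT256_MAX // BLOCK_TIME


if __name__ == "__main__":
    # Constructed sample inputs: just below one year of seconds, and 1e18.
    for rate in (SECONDS_PER_YEAR - 1, 10**18):
        early, late, lost = compare(rate)
        print(f"_uint={rate}: divide-first={early} multiply-first={late} lost={lost}")
    print(f"multiply-first overflows only above _uint={max_safe_input():.3e}")
```

Any `_uint` below 365 * 86400 makes the divide-first form return 0, and the overflow bound shows how much headroom the multiply-first form has under the assumed `BLOCK_TIME`.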