talegift
commented
3 years ago Duplicate #86
Closed code423n4 closed 3 years ago
talegift
commented
3 years ago Duplicate #86
ghoul-sol
commented
3 years ago best practice, non-critical
Handle
gpersoon
Vulnerability details
Impact
The require error message isn't always accurate: require(_value < highRate, "InterestRateModel: _value < lowRate") ===> this seems like a copy paste error from setMinRate
require(_value < 99e18, "InterestRateModel: _value < 100e18"); ===> the comparison is for 99e18 but the message displays 100e18, which does not seem logical.
Proof of Concept
https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/InterestRateModel.sol#L49
function setLowRate(uint _value) external onlyOwner { require(_value < highRate, "InterestRateModel: _value < lowRate"); // msg copy/paste lowRate = _timeRateToBlockRate(_value); emit NewLowRate(_value); }
function setTargetUtilization(uint _value) external onlyOwner { require(_value < 99e18, "InterestRateModel: _value < 100e18"); // msg 99 or 100??? targetUtilization = _value; emit NewTargetUtilization(_value); }
Tools Used
Recommended Mitigation Steps
Replace require(_value < highRate, "InterestRateModel: _value < lowRate"); with require(_value < highRate, "InterestRateModel: _value < highRate");
Replace require(_value < 99e18, "InterestRateModel: _value < 100e18"); with require(_value < 99e18, "InterestRateModel: _value < 99e18");