Handle
0xRajeev
Vulnerability details
Impact
Range/threshold checks on integer values are typically not strict: they include the interval endpoints, so the permitted range is closed rather than open. The range/threshold checks in the setters, however, enforce an open range instead of a closed one by checking for strict inequality '<' instead of '<='.
Proof of Concept
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/InterestRateModel.sol#L44
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/InterestRateModel.sol#L50
https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/InterestRateModel.sol#L61
Tools Used
Manual Analysis
Recommended Mitigation Steps
Strict inequality '<' should be replaced with '<=' to include the interval endpoints for closed ranges, which is the best practice.
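
The difference between the two checks at the interval endpoints, shown as an added example that is not code from the audited repository. The contract name, parameter names and bound values are hypothetical and chosen only to illustrate the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract: names and bounds are constructed for illustration
// and are not taken from InterestRateModel.sol.
contract RateBoundsExample {
    uint256 public constant MIN_RATE = 1e16;   // assumed lower endpoint
    uint256 public constant MAX_RATE = 100e18; // assumed upper endpoint

    address public immutable owner;
    uint256 public targetRate;

    constructor() {
        owner = msg.sender;
        targetRate = MIN_RATE;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Strict form: open range (MIN_RATE, MAX_RATE).
    // Both endpoints revert, so the owner can never configure the stated limits.
    function setTargetRateStrict(uint256 _value) external onlyOwner {
        require(MIN_RATE < _value && _value < MAX_RATE, "rate out of range");
        targetRate = _value;
    }

    // Recommended form: closed range [MIN_RATE, MAX_RATE].
    // Both endpoints are accepted; anything outside still reverts.
    function setTargetRateInclusive(uint256 _value) external onlyOwner {
        require(MIN_RATE <= _value && _value <= MAX_RATE, "rate out of range");
        targetRate = _value;
    }

    // Side-effect-free view of what each check decides for a given value,
    // useful in a unit test that asserts on MIN_RATE, MAX_RATE and MAX_RATE + 1.
    function accepted(uint256 _value) external pure returns (bool strict, bool inclusive) {
        strict = MIN_RATE < _value && _value < MAX_RATE;
        inclusive = MIN_RATE <= _value && _value <= MAX_RATE;
    }
}
```

Calling `accepted(MAX_RATE)` returns `(false, true)`, which is the boundary case a unit test for each setter should cover alongside `MAX_RATE + 1`.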