Closed code423n4 closed 2 years ago
WatchPug
https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/InterestRateModel.sol#L55-L58
function setMinRate(uint _value) external onlyOwner { require(_value < lowRate, "InterestRateModel: _value < lowRate"); minRate = _timeRateToBlockRate(_value); emit NewMinRate(_value); } function setLowRate(uint _value) external onlyOwner { require(_value < highRate, "InterestRateModel: _value < lowRate"); lowRate = _timeRateToBlockRate(_value); emit NewLowRate(_value); } function setHighRate(uint _value) external onlyOwner { highRate = _timeRateToBlockRate(_value); emit NewHighRate(_value); }
While setMinRate and setLowRate validates value and make sure minRate < lowRate and lowRate < highRate, setHighRate does not validates the input value.
setMinRate
setLowRate
minRate < lowRate
lowRate < highRate
setHighRate
This is intentional. There is no limit on how high the interest rate can be set in the current implementation.
per sponsor comment, invalid
Handle
WatchPug
Vulnerability details
https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/InterestRateModel.sol#L55-L58
While
setMinRate
andsetLowRate
validates value and make sureminRate < lowRate
andlowRate < highRate
,setHighRate
does not validates the input value.