search

code-423n4 / 2021-09-wildcredit-findings

0 stars 0 forks source link

`setHighRate()` Insufficient input validation #83

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/InterestRateModel.sol#L55-L58

function setMinRate(uint _value) external onlyOwner {
    require(_value < lowRate, "InterestRateModel: _value < lowRate");
    minRate = _timeRateToBlockRate(_value);
    emit NewMinRate(_value);
}

function setLowRate(uint _value) external onlyOwner {
    require(_value < highRate, "InterestRateModel: _value < lowRate");
    lowRate = _timeRateToBlockRate(_value);
    emit NewLowRate(_value);
}

function setHighRate(uint _value) external onlyOwner {
    highRate = _timeRateToBlockRate(_value);
    emit NewHighRate(_value);
}

While setMinRate and setLowRate validates value and make sure minRate < lowRate and lowRate < highRate, setHighRate does not validates the input value.

talegift commented 2 years ago

This is intentional. There is no limit on how high the interest rate can be set in the current implementation.

ghoul-sol commented 2 years ago

per sponsor comment, invalid