The code does not check the return value of the low-level calls, so if a call fails, checkpoints that the model requires will not have been written, leading to the incorrect pricing of assets.
address(oldInterestRateModel).call(abi.encodeWithSignature("resetInterestCheckpoints()"));
// Attempt to add first interest checkpoint on new IRM
address(newInterestRateModel).call(abi.encodeWithSignature("checkpointInterest()"));
Lines of code
https://github.com/code-423n4/2022-04-dualityfocus/blob/f21ef7708c9335ee1996142e2581cb8714a525c9/contracts/compound_rari_fork/CToken.sol#L474
https://github.com/code-423n4/2022-04-dualityfocus/blob/f21ef7708c9335ee1996142e2581cb8714a525c9/contracts/compound_rari_fork/CToken.sol#L1624-L1627
Vulnerability details
Impact
The code does not check the return value of the low-level calls, so if a call fails, checkpoints that the model requires will not have been written, leading to the incorrect pricing of assets.
Proof of Concept
File: contracts/compound_rari_fork/CToken.sol (line 474)
File: contracts/compound_rari_fork/CToken.sol (lines 1624-1627)
Tools Used
Code inspection
Recommended Mitigation Steps
Check the return value of each call and bubble up any reverts if the model implements the given functions.
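One way to apply the recommended mitigation, as an added sketch that is not the project's code: the contract name, `_callHook` and `_switchModel` are hypothetical, and the pragma is an assumption chosen for `address.code` rather than the compiler version the audited contracts use. It treats a failed call with empty return data as "hook not implemented" and re-raises any other revert.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example; contract and function names are hypothetical.
abstract contract CheckedModelHooks {
    // Call an optional hook on an interest rate model without silently
    // dropping failures. Returns true if the hook ran successfully.
    // Assumption: a failed call with empty return data means the model has
    // no such function (and no fallback). A hook that reverts without a
    // reason, or runs out of gas, is indistinguishable from that case, so
    // models that need checkpoints should revert with a reason.
    function _callHook(address model, bytes memory callData) internal returns (bool) {
        // A low-level call to an address with no code succeeds and does nothing.
        if (model.code.length == 0) return false;

        (bool ok, bytes memory ret) = model.call(callData);
        if (ok) return true;
        if (ret.length == 0) return false; // treated as "hook not implemented"

        // The model implements the hook and it reverted: bubble up its revert data.
        assembly {
            revert(add(ret, 32), mload(ret))
        }
    }

    // Shape of the model switch quoted in the finding, with both calls checked.
    function _switchModel(address oldModel, address newModel) internal {
        if (oldModel != address(0)) {
            _callHook(oldModel, abi.encodeWithSignature("resetInterestCheckpoints()"));
        }
        _callHook(newModel, abi.encodeWithSignature("checkpointInterest()"));
    }
}
```

Because the empty-return-data heuristic cannot tell a missing hook from a reasonless revert, a stricter design would have each model declare explicitly whether it needs checkpoints and call the hook as a normal typed call when it does.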