Open code423n4 opened 2 years ago
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1099 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1122 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ComptrollerStorage.sol#L130
In Comptroller.sol the updateCompSupplyIndex() and updateCompBorrowIndex() function define and use the compAccrued variable but this variable is inherited from ComptrollerStorage.sol. This can result in unexpected behavior.
Comptroller.sol
updateCompSupplyIndex()
updateCompBorrowIndex()
compAccrued
ComptrollerStorage.sol
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1099
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1122
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ComptrollerStorage.sol#L130
Manual code review
Consider renaming compAccrued to _comAccrued in the updateCompBorrowIndex() and updateCompSupplyIndex() functions.
_comAccrued
Lack POC and unchanged from Compound codebase. Downgrading to Low/QA.
Treating as warden's QA report.
Lines of code
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1099 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1122 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ComptrollerStorage.sol#L130
Vulnerability details
Impact
In
Comptroller.sol
theupdateCompSupplyIndex()
andupdateCompBorrowIndex()
function define and use thecompAccrued
variable but this variable is inherited fromComptrollerStorage.sol
. This can result in unexpected behavior.Proof of Concept
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1099
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1122
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ComptrollerStorage.sol#L130
Tools Used
Manual code review
Recommended Mitigation Steps
Consider renaming
compAccrued
to_comAccrued
in theupdateCompBorrowIndex()
andupdateCompSupplyIndex()
functions.