search

code-423n4 / 2022-05-bunker-findings

1 stars 0 forks source link

Inherited shadowed variable used #42

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1099 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1122 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ComptrollerStorage.sol#L130

Vulnerability details

Impact

In Comptroller.sol the updateCompSupplyIndex() and updateCompBorrowIndex() function define and use the compAccrued variable but this variable is inherited from ComptrollerStorage.sol. This can result in unexpected behavior.

Proof of Concept

https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1099

https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1122

https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ComptrollerStorage.sol#L130

Tools Used

Manual code review

Recommended Mitigation Steps

Consider renaming compAccrued to _comAccrued in the updateCompBorrowIndex() and updateCompSupplyIndex() functions.

gzeoneth commented 2 years ago

Lack POC and unchanged from Compound codebase. Downgrading to Low/QA.

gzeoneth commented 2 years ago

Treating as warden's QA report.