Closed code423n4 closed 1 year ago
Invalid, the attacker would have to pay that interest too + other lenders might be coming in and lowering utilization rate.
The scenario described is intended behavior.
This is how interest rate markets work. Marking invalid.
Lines of code
https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/VariableInterestRate.sol#L1-L86 https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/LinearInterestRate.sol#L1-L93
Vulnerability details
Impact
A lender may borrow to increase interest rate, and as such game the bank.
Proof of Concept
Suppose a lender borrows half of the amount he has lent. If by doing so he increases the utilization such that the interest rate more than doubles (which may be possible) then he will earn more.
Recommended Mitigation Steps
Consider not letting the derivative of the interest rate over utilization be too high.