c4-judge
commented
1 year ago Picodes marked the issue as duplicate of #477
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as duplicate of #477
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
c4-judge
commented
1 year ago Picodes marked the issue as partial-50
Judge has assessed an item in Issue #148 as 3 risk. The relevant finding follows:
Lines of code https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/LienToken.sol#L122-L231
Vulnerability details Impact Detailed description of the impact of this finding. _buyoutLien() in LienToken.sol failes to update the new PublicVault's slope, yIntercept, and s.epochData[...].liensOpenForEpoch.
Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Suppose a PublicVault P calls _buyoutLien() to replace an old lien A by a new lien A`. The slope, yIntercept and s.epochData[...].liensOpenForEpoch for A's payee have been modified as follows, but the function fails to update these parameters for P, the payee of A'.