code-423n4 / 2023-01-ondo-findings


Using block numbers can lead to incorrect interest calculation - due to empty slots #348

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-ondo/blob/main/contracts/lending/tokens/cToken/CTokenModified.sol#L422

Vulnerability details

Impact

Using blocks to calculate interest rates can lead to inaccuracies in calculation, because block times are not guaranteed.

In Ethereum, time is divided up into twelve second units called 'slots'. In each slot a single validator is selected to propose a block.
Assuming all validators are online and fully functional there will be a block in every slot, meaning the block time is 12s.
However, occasionally validators might be offline when called to propose a block, meaning slots can sometimes go empty.

The issue is when calculating the current borrow interest rate here, JumpRateModelV2.getBorrowRate() uses multiplierPerBlock and jumpMultiplierPerBlock, which are derived from perYear values using a blocksPerYear value which assumes 1 block = 12s (blocksPerYear = 1 years / 12).

This means that were a slot to be empty, the interest rate calculated would be lower than expected (as blockDelta would be 1, but the time in seconds twice as large as expected), resulting in borrowers having to pay less interest than they should.

Tools Used

Manual analysis

Recommended Mitigation Steps

Consider measuring interest rates using seconds and calculating deltas using block.timestamp.
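Added illustration (not code from the Ondo repository or the warden's submission): a Python model of the two accrual methods side by side. It assumes Compound-style simple per-call accrual (interest = rate * delta * principal) and the blocksPerYear = 1 year / 12s constant the finding describes; the slot sequences are constructed, not chain data.

```python
from fractions import Fraction

SECONDS_PER_YEAR = 365 * 24 * 60 * 60            # 31_536_000
SLOT_SECONDS = 12                                 # one Ethereum slot
# Assumption the finding describes: blocksPerYear = 1 year / 12s (one block per slot)
BLOCKS_PER_YEAR = SECONDS_PER_YEAR // SLOT_SECONDS  # 2_628_000

def per_block_rate(rate_per_year: Fraction) -> Fraction:
    """perYear -> perBlock, the derivation multiplierPerBlock relies on."""
    return rate_per_year / BLOCKS_PER_YEAR

def per_second_rate(rate_per_year: Fraction) -> Fraction:
    """The block.timestamp-based alternative the mitigation recommends."""
    return rate_per_year / SECONDS_PER_YEAR

def interest_by_blocks(principal: int, rate_per_year: Fraction, block_delta: int) -> Fraction:
    # Simple (non-compounding) accrual per call, Compound-style (assumption):
    # interestAccumulated = borrowRate * blockDelta * totalBorrows
    return principal * per_block_rate(rate_per_year) * block_delta

def interest_by_time(principal: int, rate_per_year: Fraction, seconds_elapsed: int) -> Fraction:
    return principal * per_second_rate(rate_per_year) * seconds_elapsed

def simulate(slots, principal: int, rate_bps: int):
    """slots: one bool per slot since the last accrual, True = a block was produced,
    False = the slot went empty. rate_bps: yearly borrow rate in basis points.
    Returns (interest by block count, interest by elapsed seconds, shortfall fraction)."""
    rate = Fraction(rate_bps, 10_000)
    block_delta = sum(1 for produced in slots if produced)   # what the contract sees
    seconds = len(slots) * SLOT_SECONDS                      # what actually elapsed
    by_blocks = interest_by_blocks(principal, rate, block_delta)
    by_time = interest_by_time(principal, rate, seconds)
    shortfall = 1 - by_blocks / by_time    # fraction of interest the borrower escapes
    return by_blocks, by_time, shortfall

if __name__ == "__main__":
    # Constructed scenarios: one missed slot between two blocks, then 5 of 100 missed.
    for name, slots in [("one empty slot", [False, True]),
                        ("5% empty slots", [True] * 95 + [False] * 5)]:
        by_blocks, by_time, short = simulate(slots, 1_000_000, 500)
        print(f"{name}: by blocks {float(by_blocks):.4f}, by time {float(by_time):.4f}, "
              f"shortfall {float(short):.1%}")
```

With a single empty slot the block-based figure is exactly half the timestamp-based one, matching the "blockDelta would be 1, but the time in seconds twice as large" case in the finding.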

c4-judge commented 1 year ago

Duplicate of https://github.com/code-423n4/2023-01-ondo-findings/issues/341

c4-judge commented 1 year ago

trust1995 marked the issue as grade-b

c4-judge commented 1 year ago

trust1995 marked the issue as grade-a