Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2023-05-venus/blob/main/contracts/Comptroller.sol#L578
healAccount should call updateRewardTokenBorrowIndex to calculate the reward before affecting the debt value.
updateRewardTokenBorrowIndex
manual
call updateRewardTokenBorrowIndex before heal account.
Other
0xean marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-05-venus/blob/main/contracts/Comptroller.sol#L578
Vulnerability details
Impact
healAccount should call
updateRewardTokenBorrowIndex
to calculate the reward before affecting the debt value.Proof of Concept
Tools Used
manual
Recommended Mitigation Steps
call
updateRewardTokenBorrowIndex
before heal account.Assessed type
Other