code-423n4 / 2023-05-venus-findings

Comptroller.sol#healAccount did not call `updateRewardTokenBorrowIndex` to update the reward #451

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/main/contracts/Comptroller.sol#L578

Vulnerability details

Impact

healAccount should call updateRewardTokenBorrowIndex to calculate the reward before affecting the debt value.

Proof of Concept

Tools Used

manual

Recommended Mitigation Steps

Call updateRewardTokenBorrowIndex before healing the account.

Assessed type

Other

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Insufficient quality