code-423n4 / 2023-05-venus-findings


possible DoS due to hardcoded blocksPerYear and blockchain upgrades #499

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/8be784ed9752b80e6f1b8b781e2e6251748d0d7e/contracts/BaseJumpRateModelV2.sol#L23
https://github.com/code-423n4/2023-05-venus/blob/8be784ed9752b80e6f1b8b781e2e6251748d0d7e/contracts/WhitePaperInterestRateModel.sol#L17

Vulnerability details

Impact

The constant blocksPerYear is hardcoded; it is the approximate number of blocks per year assumed by the interest rate model. It is wrong that it is hardcoded, since changes can be made to the blockchain, such as Ethereum going from PoW to PoS, after which this number no longer represents what happens in the blocks.

Recommended Mitigation Steps

Add a setter function for blocksPerYear so that it can be set by the owner.

Assessed type

DoS
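The shape the recommended mitigation could take, written here as an added illustration and not the Venus contracts or the warden's own code. It assumes a Compound-style jump-rate model (the per-block formulas, the contract and function names, and the sanity bounds on blocksPerYear are all assumptions of this example). The points a reviewer would look for are that blocksPerYear is a bounded state variable rather than a `constant`, that only the owner can change it, that the change is logged, and that the cached per-block rates are recomputed in the same transaction so the model never runs with a stale denominator:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical interest rate model (not Venus's code) whose blocksPerYear is an
// owner-settable parameter instead of a hardcoded constant.
contract AdjustableBlocksPerYearModel {
    address public owner;

    // Mutable so the admin can follow a chain upgrade that changes block time.
    uint256 public blocksPerYear;

    // Sanity bounds (assumed for this example): one block per minute up to ten
    // blocks per second. Rejects obviously wrong values such as 0.
    uint256 public constant MIN_BLOCKS_PER_YEAR = 365 days / 1 minutes; // 525_600
    uint256 public constant MAX_BLOCKS_PER_YEAR = 365 days * 10;        // 315_360_000

    // Annualised inputs are stored so per-block values can be re-derived.
    uint256 public baseRatePerYear;
    uint256 public multiplierPerYear;
    uint256 public jumpMultiplierPerYear;
    uint256 public kink; // utilisation (1e18 scale) at which the jump applies

    // Cached per-block values used by getBorrowRate.
    uint256 public baseRatePerBlock;
    uint256 public multiplierPerBlock;
    uint256 public jumpMultiplierPerBlock;

    event NewBlocksPerYear(uint256 oldBlocksPerYear, uint256 newBlocksPerYear);
    event NewInterestParams(uint256 baseRatePerBlock, uint256 multiplierPerBlock, uint256 jumpMultiplierPerBlock, uint256 kink);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 blocksPerYear_, uint256 baseRatePerYear_, uint256 multiplierPerYear_, uint256 jumpMultiplierPerYear_, uint256 kink_) {
        owner = msg.sender;
        baseRatePerYear = baseRatePerYear_;
        multiplierPerYear = multiplierPerYear_;
        jumpMultiplierPerYear = jumpMultiplierPerYear_;
        kink = kink_;
        _setBlocksPerYear(blocksPerYear_);
    }

    // Owner-only setter; recomputes cached rates in the same call.
    function setBlocksPerYear(uint256 newBlocksPerYear) external onlyOwner {
        _setBlocksPerYear(newBlocksPerYear);
    }

    function _setBlocksPerYear(uint256 newBlocksPerYear) internal {
        require(newBlocksPerYear >= MIN_BLOCKS_PER_YEAR && newBlocksPerYear <= MAX_BLOCKS_PER_YEAR, "blocksPerYear out of range");
        uint256 old = blocksPerYear;
        blocksPerYear = newBlocksPerYear;
        emit NewBlocksPerYear(old, newBlocksPerYear);
        _updateRates();
    }

    // Compound-style derivation of per-block values from annual parameters.
    function _updateRates() internal {
        baseRatePerBlock = baseRatePerYear / blocksPerYear;
        multiplierPerBlock = (multiplierPerYear * 1e18) / (blocksPerYear * kink);
        jumpMultiplierPerBlock = jumpMultiplierPerYear / blocksPerYear;
        emit NewInterestParams(baseRatePerBlock, multiplierPerBlock, jumpMultiplierPerBlock, kink);
    }

    // Utilisation = borrows / (cash + borrows - reserves), 1e18 scale.
    function utilizationRate(uint256 cash, uint256 borrows, uint256 reserves) public pure returns (uint256) {
        if (borrows == 0) return 0;
        return (borrows * 1e18) / (cash + borrows - reserves);
    }

    // Per-block borrow rate; every term now uses the current blocksPerYear.
    function getBorrowRate(uint256 cash, uint256 borrows, uint256 reserves) external view returns (uint256) {
        uint256 util = utilizationRate(cash, borrows, reserves);
        if (util <= kink) {
            return (util * multiplierPerBlock) / 1e18 + baseRatePerBlock;
        }
        uint256 normalRate = (kink * multiplierPerBlock) / 1e18 + baseRatePerBlock;
        uint256 excessUtil = util - kink;
        return (excessUtil * jumpMultiplierPerBlock) / 1e18 + normalRate;
    }
}
```

In a production deployment the setter would sit behind the same access-control and timelock path as the other rate parameters, so that a change in block time is applied deliberately rather than by a single key; the bounds keep a mistaken value (for example 0, which would revert every rate computation) from being stored at all.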

c4-judge commented 1 year ago

0xean changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

0xean marked the issue as grade-c