search

code-423n4 / 2023-05-venus-findings

2 stars 1 forks source link

[H1] Incorrect constant set at `WhitePaperInterestRateModel` #528

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/8be784ed9752b80e6f1b8b781e2e6251748d0d7e/contracts/WhitePaperInterestRateModel.sol#L17

Vulnerability details

Impact

Incorrect calculation of critical parameters like baseRatePerBlock.

Proof of Concept

The constant blocksPerYear is incorrectly set

uint256 public constant blocksPerYear = 2102400; // @audit 15 seconds per block

However, for Binance Smart Chain the blocks are being produced every 3 seconds.

Recommended

[-]   uint256 public constant blocksPerYear = 2102400; 
[+]   uint256 public constant blocksPerYear = 5 * 2102400;

Assessed type

Error

c4-judge commented 1 year ago

0xean marked the issue as duplicate of #559

c4-judge commented 1 year ago

0xean marked the issue as satisfactory

c4-judge commented 1 year ago

0xean changed the severity to 2 (Med Risk)

c4-judge commented 1 year ago

0xean changed the severity to 3 (High Risk)