The protocol may not work as expected in years that are not 365 days long, which could lead to a loss of confidence in the protocol. In fact, the next year is one of those years (leap year).
Furthermore, defining it as a constant in the contract is an invariant that can clearly lead to errors in the protocol.
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/IRModels/JumpRateModel.sol#L20
Vulnerability details
Vulnerability details
Impact
The protocol may not work as expected in years that are not 365 days long, which could lead to a loss of confidence in the protocol. In fact, the next year is one of those years (leap year).
Furthermore, defining it as a constant in the contract is an invariant that can clearly lead to errors in the protocol.
Proof of Concept
Tools Used
Manual review
Recommended Mitigation Steps
The variable should not be constants, and there should be additional measures in case a year has 366 days like the next year will.
Assessed type
Other