Open c4-submissions opened 11 months ago
minhquanym marked the issue as duplicate of #443
MarioPoneder marked the issue as satisfactory
MarioPoneder marked the issue as selected for report
Selected because of PoC, discussion and mitigation steps.
laurenceday (sponsor) confirmed
Lines of code
https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatMarketController.sol#L468
Vulnerability details
When a
WildcatMarketController
is created, it is hardcoded with aMinimumAnnualInterestBips
andMaximumAnnualInterestBips
ramge that cannot be changed; these values come fromWildcatMarketControllerFactory
where they are specified by the protocol owners.When a market is created at the borrower's request, the annual interest requested by the borrower is validated to sit within these bounds.
However, the borrower is also allowed to change this value at a later point through the
WildcatMarketController.setAnnualInterestBips
function. This entry point does not offer any validation, except for the downstreamWildcatMarket.setAnnualInterestBips
that checks for the value not to exceedBIPS
.Impact
After the creation of a market, the borrower is allowed to change its annual interest outside the bounds allowed by the protocol.
Proof of Concept
Tools Used
Code review, Foundry
Recommended Mitigation Steps
Consider introducing the validation of the new interest rate:
Assessed type
Invalid Validation