search

code-423n4 / 2023-10-wildcat-findings

14 stars 10 forks source link

Borrower can set interest rate in close market state #622

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/market/WildcatMarketConfig.sol#L149-L159 https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatMarketController.sol#L468-L488

Vulnerability details

Summary

borrower can set interest rate after closing market .

Impact

loss of funds for some lenders .

Vulnerability Details

borrower can set new interestRateBips after close market , this leads to accrue interest for available assets in market while there aren't enough assets to cover accrued interest so lenders that request withdraw earlier earn additional interest and lenders that request later can't withdraw all of their funds .

Tools Used

Manual Review

Recommended Mitigation Steps

prevent set interestRateBips after market is closed .

Assessed type

Other

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #62

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #566

c4-judge commented 1 year ago

MarioPoneder marked the issue as unsatisfactory: Insufficient quality