Closed c4-bot-3 closed 4 months ago
0xSorryNotSorry marked the issue as sufficient quality report
0xSorryNotSorry marked the issue as primary issue
eswak (sponsor) acknowledged
eswak marked the issue as disagree with severity
I believe SDAI_CREDIT_HARDCAP is an unused variable that should be removed, thanks for pointing out.
Trumpero changed the severity to QA (Quality Assurance)
Trumpero marked the issue as grade-b
Trumpero marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/test/proposals/gips/GIP_0.sol#L308
Vulnerability details
Impact
In the deployment script, the constant SDAI_CREDIT_HARDCAP is intended to be used to set the hardcap for SDAI credit in the LendingTermParams struct. However, another constant CREDIT_HARDCAP is being used instead. While these two values are the same and hence this mistake has no effect, it could lead to incorrect behavior of the contract if either of the two values is modified in this or future deployments.
Proof of Concept
In the GIP_0.sol file, the constant SDAI_CREDIT_HARDCAP is declared but not used. Instead, the constant CREDIT_HARDCAP is used in the LendingTermParams function to set the hardcap for SDAI credit.
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/test/proposals/gips/GIP_0.sol#L308
Tools Used
Manual review
Recommended Mitigation Steps
Replace the usage of CREDIT_HARDCAP with SDAI_CREDIT_HARDCAP in the LendingTermParams function to ensure the correct hardcap is set for SDAI credit. This will prevent any unintended consequences of modifying the CREDIT_HARDCAP or SDAI_CREDIT_HARDCAP constants.
Assessed type
Other
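A pre-deployment check for the pattern reported above, as an added example that is not part of the original report or the project's code: it lists Solidity constants that are declared but never read, and pairs each with a used constant whose name is its suffix. The Solidity sample, its values, the `hardCap` field and the helpers `setGlobalCap` and `createTerm` are constructed for illustration.

```python
import re

# Constructed Solidity sample (not the real GIP_0.sol); values and helpers are made up.
SAMPLE = """
contract Proposal {
    uint256 internal constant CREDIT_HARDCAP = 2_000_000 * 1e18;
    uint256 internal constant SDAI_CREDIT_HARDCAP = 2_000_000 * 1e18; // SDAI_CREDIT_HARDCAP
    function deploy() public {
        setGlobalCap(CREDIT_HARDCAP);
        createTerm(LendingTermParams({hardCap: CREDIT_HARDCAP}));
    }
}
"""

# String literals and comments are matched together so "//" inside a string is not a comment.
_SKIP = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|//[^\n]*|/\*.*?\*/', re.S)
# Name of a constant: the identifier directly before "=" in a statement containing `constant`.
_DECL = re.compile(r"\bconstant\b[^;=]*?\b([A-Za-z_]\w*)\s*=")


def strip_noise(src: str) -> str:
    """Blank out comments and string literals so mentions there do not count as uses."""
    return _SKIP.sub(lambda m: '""' if m.group(0)[0] in "\"'" else " ", src)


def unused_constants(src: str) -> list[str]:
    """Constants whose only occurrence in the code is their own declaration."""
    code = strip_noise(src)
    return [name for name in _DECL.findall(code)
            if len(re.findall(r"\b%s\b" % re.escape(name), code)) == 1]


def suspicious_pairs(src: str) -> list[tuple[str, str]]:
    """(unused, used) pairs where the unused name ends in '_' + used name,
    i.e. the generic constant may have been used in place of the specific one."""
    code = strip_noise(src)
    unused = unused_constants(src)
    used = [n for n in _DECL.findall(code) if n not in unused]
    return [(u, d) for u in unused for d in used if u.endswith("_" + d)]


if __name__ == "__main__":
    for unused, used in suspicious_pairs(SAMPLE):
        print(f"{unused} is never read; {used} may be used in its place")
```
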