code-423n4 / 2023-12-ethereumcreditguild-findings


Upgraded Q -> 2 from #258 [1706641869227] #1277

Closed c4-judge closed 8 months ago

c4-judge commented 8 months ago

Judge has assessed an item in Issue #258 as 2 risk. The relevant finding follows:

[L-9] Any borrower can receive rewards by adding weight to the term before repayment.

When interest accrues from borrowers, this interest is immediately distributed to token holders based on their respective weights.
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/2376d9af792584e3d15ec9c32578daa33bb56b43/src/governance/ProfitManager.sol#L396-L399

function notifyPnL() {
    gaugeProfitIndex[gauge] = _gaugeProfitIndex + (amountForGuild * 1e18) / _gaugeWeight;
}

Hence, any borrower can add weight before repayment, receive rewards, and subsequently withdraw their added weight. Logic similar to rebasing tokens is needed.
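Added example, not part of the thread or the project's code: a Python model of the index formula quoted in the finding, comparing immediate crediting with profit released over several ticks, so the dilution of long-term weight holders can be measured. The per-user snapshot bookkeeping, the `GaugeModel` and `scenario` names, the sample weights and amounts, and the streamed release (one possible reading of "logic similar to rebasing tokens") are all assumptions.

```python
WAD = 10**18  # fixed-point scale, matching the 1e18 factor in the quoted line

class GaugeModel:
    """Constructed model of per-gauge profit index accounting (not ProfitManager itself)."""

    def __init__(self, stream_ticks=0):
        self.index = WAD          # plays the role of gaugeProfitIndex[gauge]
        self.weights = {}         # user -> weight on the gauge
        self.snapshots = {}       # user -> index at last settlement (assumed bookkeeping)
        self.rewards = {}         # user -> rewards settled so far
        self.stream_ticks = stream_ticks  # 0 = credit the index immediately
        self.queue = []           # [slice_amount, ticks_left] for streamed profit

    def _settle(self, user):
        delta = self.index - self.snapshots.get(user, self.index)
        owed = self.weights.get(user, 0) * delta // WAD
        self.rewards[user] = self.rewards.get(user, 0) + owed
        self.snapshots[user] = self.index

    def set_weight(self, user, weight):
        self._settle(user)        # settle at the old weight before changing it
        self.weights[user] = weight

    def _credit(self, amount):
        total = sum(self.weights.values())
        if total:                 # skip when no weight is staked (avoids division by zero)
            self.index += amount * WAD // total   # same formula as the quoted line

    def notify_pnl(self, amount):
        if self.stream_ticks == 0:
            self._credit(amount)
        else:                     # assumed mitigation: release in equal slices per tick
            self.queue.append([amount // self.stream_ticks, self.stream_ticks])

    def tick(self):
        for entry in self.queue:
            self._credit(entry[0])
            entry[1] -= 1
        self.queue = [e for e in self.queue if e[1] > 0]

def scenario(stream_ticks):
    """Return (holder_rewards, borrower_rewards) for constructed sample values."""
    g = GaugeModel(stream_ticks)
    g.set_weight("holder", 100)      # long-term weight
    g.set_weight("borrower", 900)    # weight added just before repayment
    g.notify_pnl(1000)               # interest from the repayment
    g.set_weight("borrower", 0)      # weight withdrawn right after
    for _ in range(stream_ticks):
        g.tick()
    g._settle("holder")
    return g.rewards["holder"], g.rewards["borrower"]
```

`scenario(0)` models immediate crediting and `scenario(10)` the streamed release; comparing the two tuples shows how much of the profit the short-lived weight captures in each design.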

c4-judge commented 8 months ago

Trumpero marked the issue as duplicate of #994

Trumpero commented 8 months ago

This issue should receive only 50% partial credit due to its lack of quality and evidence.

c4-judge commented 8 months ago

Trumpero marked the issue as partial-50