c4-judge
commented
10 months ago hansfriese marked the issue as primary issue
Open c4-bot-10 opened 11 months ago
c4-judge
commented
10 months ago hansfriese marked the issue as primary issue
c4-sponsor
commented
10 months ago fez-init (sponsor) acknowledged
fez-init
commented
10 months ago There might have been miscommunications with this issue being resolved. This issue from Trust should be communicated as acknowledged.
hansfriese
commented
10 months ago According to the sponsor's comment, it's worth keeping it as a valid medium.
c4-judge
commented
10 months ago hansfriese marked the issue as satisfactory
c4-judge
commented
10 months ago hansfriese marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L535
Vulnerability details
Proof of Concept
TRST-M-8 from previous audit describes the fact, that when repaying is paused, then pool still continue accruing interests. Usually this is not considered as a medium bug anymore. However, protocol team has stated, that they have fixed everything.
I should say, that TRST-M-8 still exists and in case i repayment will be paused and user will not be able to reduce their debt, their debt shares will continue to accrue interest.
Impact
Interest accruing is not paused, when repaying is not allowed.
Tools Used
VsCode
Recommended Mitigation Steps
You can implement the logic that will pause all interest accruing as well, but i am not sure this is indeed needed.
Assessed type
Error