c4-pre-sort
commented
9 months ago bytes032 marked the issue as insufficient quality report
Closed c4-bot-2 closed 9 months ago
c4-pre-sort
commented
9 months ago bytes032 marked the issue as insufficient quality report
alex-ppg
commented
9 months ago The Warden states how a trove's interest rate can be lowered by exploiting suspended collateral that is part of a trove and increasing its proportion.
The latter part is not possible as a suspended Yang (collateral) can no longer be deposited to the Opus system.
c4-judge
commented
9 months ago alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-01-opus/blob/main/src/core/shrine.cairo#L1522
Vulnerability details
Impact
Loss of interest by using suspended yang if it has lower rate assigned, by depositing more of that collateral. In
get_avg_rate_over_erait loops over all yangs of user to determine average rate, and this includes yangs which are suspended, if suspended yang has low interest rate, it will then encourage user's to put more of suspended collateral into system to lower their average interest rate. This will lead to loss of interest for protocol.Proof of Concept
Tools Used
VS Code
Recommended Mitigation Steps
Check if yang is suspended while looping over all yangs for calculating rate.
Assessed type
Other