Closed c4-bot-6 closed 6 months ago
gzeon-c4 marked the issue as primary issue
gzeon-c4 marked the issue as insufficient quality report
intended behavior, anyone can lock the rate after expiry
JustDravee marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-02-spectra/blob/main/src/tokens/PrincipalToken.sol#L409
Vulnerability details
Impact
Attackers can exploit the reliance on calling storeRatesAtExpiry() to lock rates after expiry to extract additional value or manipulate user redemptions.

Proof of Concept
Lines of code
The contract relies on this being called to set rates after expiry, but there is no control on when it can be called.
An attacker could wait until favourable rate moves after expiry and then call storeRatesAtExpiry() to lock in rates benefiting themselves or causing maximum damage.

Recommended Mitigation Steps
storeRatesAtExpiry()
Assessed type
Access Control
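To make the judged-intended behaviour concrete, below is a minimal Solidity model of an expiry-gated, one-shot rate snapshot. It is an added example, not Spectra's PrincipalToken code: the IRateSource interface, contract name and the rule that a post-expiry redemption takes the snapshot itself if nobody has yet are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Assumed rate source for this example; the real rate derivation is out of scope.
interface IRateSource {
    function currentRates() external view returns (uint256 ptRate, uint256 ibtRate);
}

/// Model of a permissionless, expiry-gated, one-shot rate snapshot.
/// Anyone may call storeRatesAtExpiry() once the term has expired; the first
/// successful call fixes the rates that every later redemption reads.
contract ExpiryRateSnapshot {
    uint256 public immutable expiry;
    IRateSource public immutable rates;

    bool public ratesAtExpiryStored;
    uint256 public ptRateAtExpiry;
    uint256 public ibtRateAtExpiry;

    event RatesStoredAtExpiry(address indexed caller, uint256 ptRate, uint256 ibtRate);

    error NotExpired();
    error RatesAlreadyStored();

    constructor(uint256 expiry_, IRateSource rates_) {
        expiry = expiry_;
        rates = rates_;
    }

    modifier afterExpiry() {
        if (block.timestamp < expiry) revert NotExpired();
        _;
    }

    /// No access control by design: the only guards are "after expiry" and
    /// "not yet stored". The values recorded are the rates current at the
    /// time of the call, not at the expiry timestamp itself.
    function storeRatesAtExpiry() public afterExpiry {
        if (ratesAtExpiryStored) revert RatesAlreadyStored();
        ratesAtExpiryStored = true;
        (ptRateAtExpiry, ibtRateAtExpiry) = rates.currentRates();
        emit RatesStoredAtExpiry(msg.sender, ptRateAtExpiry, ibtRateAtExpiry);
    }

    /// Assumed in this example: a post-expiry redemption path stores the
    /// snapshot itself when it is missing, so no party has an exclusive
    /// window in which to pick the locked rate.
    function ratesForRedemption() external afterExpiry returns (uint256, uint256) {
        if (!ratesAtExpiryStored) storeRatesAtExpiry();
        return (ptRateAtExpiry, ibtRateAtExpiry);
    }
}
```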