search

code-423n4 / 2024-03-neobase-findings

0 stars 0 forks source link

In case if market will be blacklisted, then user will not be able to claim rewards #13

Open c4-bot-7 opened 7 months ago

c4-bot-7 commented 7 months ago

Lines of code

https://github.com/code-423n4/2024-03-neobase/blob/main/src/LendingLedger.sol#L65

Vulnerability details

Proof of Concept

LendingLedger.update_market can be called only for whitelisted markets. Protocol has ability to blacklist any markets. In case if market was whitelisted before and then got blacklisted by protocol team, that it's impossible to call update_market, which means that users will not be able to claim earned rewards.

And another problem with that is need to call update_market before blacklisting, to get correct rewards rate.

Impact

Users can't claim rewards

Tools Used

VsCode

Recommended Mitigation Steps

Allow users to claim rewards after market was blacklisted.

Assessed type

Error

c4-judge commented 7 months ago

MarioPoneder marked the issue as duplicate of #6

c4-judge commented 6 months ago

MarioPoneder changed the severity to QA (Quality Assurance)

c4-judge commented 6 months ago

MarioPoneder marked the issue as grade-a