Closed c4-bot-4 closed 3 months ago
0xEVom marked the issue as insufficient quality report
reserveFactorX32
is documented as being the "reserve factor multiplied by Q32", not a number between 0 and 100.
jhsagd76 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L1167-L1195
Vulnerability details
Impact
_calculateGlobalInterest()
function, thesupplyRateX96
is calculated as follows:The
reserveFactorX32
is a value between 0 and 100, representing the percentage of interest that is kept in the protocol for reserves. However, the calculation subtractsreserveFactorX32
fromQ32
(which is equal to 2**32), resulting in an incorrect calculation of thesupplyRateX96
.Proof of Concept
Tools Used
Manual Review
Recommended Mitigation Steps
The correct calculation should be:
This ensures that the
supplyRateX96
is correctly calculated based on the reserve factor percentage.Assessed type
Decimal