In getRatesPerSecondX96 function the calculation of the borrowRateX96 and supplyRateX96 when the utilizationRateX96 is equal to kinkX96.
When utilizationRateX96 is equal to kinkX96, the borrowRateX96 should be calculated using the multiplierPerSecondX96 and baseRatePerSecondX96 as follows:
The calculation of borrowRateX96 when utilizationRateX96 is equal to kinkX96 should be updated to use multiplierPerSecondX96 instead of jumpMultiplierPerSecondX96. The corrected implementation should be:
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/InterestRateModel.sol#L58-L76
Vulnerability details
Impact
In
getRatesPerSecondX96
function the calculation of theborrowRateX96
andsupplyRateX96
when theutilizationRateX96
is equal tokinkX96
.When
utilizationRateX96
is equal tokinkX96
, theborrowRateX96
should be calculated using themultiplierPerSecondX96
andbaseRatePerSecondX96
as follows:However, the current implementation calculates
borrowRateX96
using thejumpMultiplierPerSecondX96
instead ofmultiplierPerSecondX96
:Since
utilizationRateX96
is equal tokinkX96
,excessUtilX96
will be zero, andborrowRateX96
will be equal tonormalRateX96
.However,
normalRateX96
is calculated usingkinkX96
instead ofutilizationRateX96
, which is incorrect.cause the borrow rate to be calculated incorrectly when the utilization rate is equal to the kink.
Proof of Concept
Tools Used
Manual Review
Recommended Mitigation Steps
The calculation of
borrowRateX96
whenutilizationRateX96
is equal tokinkX96
should be updated to usemultiplierPerSecondX96
instead ofjumpMultiplierPerSecondX96
. The corrected implementation should be:This ensures that the borrow rate is calculated correctly when the utilization rate is equal to the kink.
Assessed type
Math