c4-bot-5 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L1246 https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L1258

Vulnerability details

Impact

Detailed description of the impact of this finding. wrong implementation of _resetDailyLendIncreaseLimit and _resetDailyDebtIncreaseLimit.

dailyLendIncreaseLimitLeft = @> dailyLendIncreaseLimitMin > lendIncreaseLimit ? dailyLendIncreaseLimitMin : lendIncreaseLimit;

I think we are assigning the wrong value to the dailyLendIncreaseLimitLeft. It will set the wrong value to the dailyLendIncreaseLimitLeft.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. function _resetDailyLendIncreaseLimit(uint256 newLendExchangeRateX96, bool force) internal { // daily lend limit reset handling uint256 time = block.timestamp / 1 days; if (force || time > dailyLendIncreaseLimitLastReset) { uint256 lendIncreaseLimit = _convertToAssets(totalSupply(), newLendExchangeRateX96, Math.Rounding.Up)

(Q32 + MAX_DAILY_LEND_INCREASE_X32) / Q32; dailyLendIncreaseLimitLeft = @> dailyLendIncreaseLimitMin > lendIncreaseLimit ? dailyLendIncreaseLimitMin : lendIncreaseLimit; dailyLendIncreaseLimitLastReset = time; } }

function _resetDailyDebtIncreaseLimit(uint256 newLendExchangeRateX96, bool force) internal { // daily debt limit reset handling uint256 time = block.timestamp / 1 days; if (force || time > dailyDebtIncreaseLimitLastReset) { uint256 debtIncreaseLimit = _convertToAssets(totalSupply(), newLendExchangeRateX96, Math.Rounding.Up)
(Q32 + MAX_DAILY_DEBT_INCREASE_X32) / Q32; dailyDebtIncreaseLimitLeft = @> dailyDebtIncreaseLimitMin > debtIncreaseLimit ? dailyDebtIncreaseLimitMin : debtIncreaseLimit; dailyDebtIncreaseLimitLastReset = time; } }

Tools Used

Recommended Mitigation Steps

function _resetDailyLendIncreaseLimit(uint256 newLendExchangeRateX96, bool force) internal { // daily lend limit reset handling uint256 time = block.timestamp / 1 days; if (force || time > dailyLendIncreaseLimitLastReset) { uint256 lendIncreaseLimit = _convertToAssets(totalSupply(), newLendExchangeRateX96, Math.Rounding.Up)

(Q32 + MAX_DAILY_LEND_INCREASE_X32) / Q32; dailyLendIncreaseLimitLeft = @> dailyLendIncreaseLimitMin > lendIncreaseLimit ? lendIncreaseLimit: dailyLendIncreaseLimitMin ; dailyLendIncreaseLimitLastReset = time; } }

function _resetDailyDebtIncreaseLimit(uint256 newLendExchangeRateX96, bool force) internal { // daily debt limit reset handling uint256 time = block.timestamp / 1 days; if (force || time > dailyDebtIncreaseLimitLastReset) { uint256 debtIncreaseLimit = _convertToAssets(totalSupply(), newLendExchangeRateX96, Math.Rounding.Up)
(Q32 + MAX_DAILY_DEBT_INCREASE_X32) / Q32; dailyDebtIncreaseLimitLeft = @> dailyDebtIncreaseLimitMin > debtIncreaseLimit ? debtIncreaseLimit:dailyDebtIncreaseLimitMin; dailyDebtIncreaseLimitLastReset = time; } }

Assessed type

Context

c4-pre-sort commented 4 months ago

0xEVom marked the issue as duplicate of #372

c4-pre-sort commented 4 months ago

0xEVom marked the issue as insufficient quality report

c4-pre-sort commented 3 months ago

0xEVom marked the issue as duplicate of #80

c4-pre-sort commented 3 months ago

0xEVom marked the issue as not a duplicate

0xEVom commented 3 months ago

There is no error here

c4-judge commented 3 months ago

jhsagd76 marked the issue as unsatisfactory: Invalid

jhsagd76 commented 3 months ago

cant read

code-423n4 / 2024-03-revert-lend-findings

wrong implement of ' _resetDailyLendIncreaseLimit' and '_resetDailyDebtIncreaseLimit' #506