Closed c4-bot-5 closed 3 months ago
0xEVom marked the issue as duplicate of #372
0xEVom marked the issue as insufficient quality report
0xEVom marked the issue as duplicate of #80
0xEVom marked the issue as not a duplicate
There is no error here
jhsagd76 marked the issue as unsatisfactory: Invalid
cant read
Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L1246 https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/V3Vault.sol#L1258
Vulnerability details
Impact
Detailed description of the impact of this finding. wrong implementation of _resetDailyLendIncreaseLimit and _resetDailyDebtIncreaseLimit.
dailyLendIncreaseLimitLeft = @> dailyLendIncreaseLimitMin > lendIncreaseLimit ? dailyLendIncreaseLimitMin : lendIncreaseLimit;
I think we are assigning the wrong value to the dailyLendIncreaseLimitLeft. It will set the wrong value to the dailyLendIncreaseLimitLeft.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. function _resetDailyLendIncreaseLimit(uint256 newLendExchangeRateX96, bool force) internal { // daily lend limit reset handling uint256 time = block.timestamp / 1 days; if (force || time > dailyLendIncreaseLimitLastReset) { uint256 lendIncreaseLimit = _convertToAssets(totalSupply(), newLendExchangeRateX96, Math.Rounding.Up)
(Q32 + MAX_DAILY_LEND_INCREASE_X32) / Q32; dailyLendIncreaseLimitLeft = @> dailyLendIncreaseLimitMin > lendIncreaseLimit ? dailyLendIncreaseLimitMin : lendIncreaseLimit; dailyLendIncreaseLimitLastReset = time; } }
function _resetDailyDebtIncreaseLimit(uint256 newLendExchangeRateX96, bool force) internal { // daily debt limit reset handling uint256 time = block.timestamp / 1 days; if (force || time > dailyDebtIncreaseLimitLastReset) { uint256 debtIncreaseLimit = _convertToAssets(totalSupply(), newLendExchangeRateX96, Math.Rounding.Up)
Tools Used
Recommended Mitigation Steps
function _resetDailyLendIncreaseLimit(uint256 newLendExchangeRateX96, bool force) internal { // daily lend limit reset handling uint256 time = block.timestamp / 1 days; if (force || time > dailyLendIncreaseLimitLastReset) { uint256 lendIncreaseLimit = _convertToAssets(totalSupply(), newLendExchangeRateX96, Math.Rounding.Up)
(Q32 + MAX_DAILY_LEND_INCREASE_X32) / Q32; dailyLendIncreaseLimitLeft = @> dailyLendIncreaseLimitMin > lendIncreaseLimit ? lendIncreaseLimit: dailyLendIncreaseLimitMin ; dailyLendIncreaseLimitLastReset = time; } }
function _resetDailyDebtIncreaseLimit(uint256 newLendExchangeRateX96, bool force) internal { // daily debt limit reset handling uint256 time = block.timestamp / 1 days; if (force || time > dailyDebtIncreaseLimitLastReset) { uint256 debtIncreaseLimit = _convertToAssets(totalSupply(), newLendExchangeRateX96, Math.Rounding.Up)
Assessed type
Context