code-423n4 / 2024-04-revert-mitigation-findings


M-05 MitigationConfirmed #11

Open c4-bot-10 opened 4 months ago

c4-bot-10 commented 4 months ago

Lines of code

Vulnerability details

C4 issue

M-05: setReserveFactor fails to update global interest before updating reserve factor

Comment

The original code does not call `_updateGlobalInterest` before it updates `reserveFactorX32`, while this variable `reserveFactorX32` is used in the global interest rate calculation:

```solidity
(uint256 borrowRateX96, uint256 supplyRateX96) = interestRateModel.getRatesPerSecondX96(available, debt);

supplyRateX96 = supplyRateX96.mulDiv(Q32 - reserveFactorX32, Q32);

// always growing or equal
uint256 lastRateUpdate = lastExchangeRateUpdate;

if (lastRateUpdate > 0) {
    newDebtExchangeRateX96 = oldDebtExchangeRateX96
        + oldDebtExchangeRateX96 * (block.timestamp - lastRateUpdate) * borrowRateX96 / Q96;
    newLendExchangeRateX96 = oldLendExchangeRateX96
        + oldLendExchangeRateX96 * (block.timestamp - lastRateUpdate) * supplyRateX96 / Q96;
} else {
    newDebtExchangeRateX96 = oldDebtExchangeRateX96;
    newLendExchangeRateX96 = oldLendExchangeRateX96;
}
```

This will cause the new reserveFactorX32 to be applied in calculation with old exchange rates of the last update.

Mitigation

PR #23: The mitigation code calls `_updateGlobalInterest` before setting the new `reserveFactorX32`:

```solidity
function setReserveFactor(uint32 _reserveFactorX32) external onlyOwner {
    // update interest to be sure that reservefactor change is applied from now on
    _updateGlobalInterest();
    reserveFactorX32 = _reserveFactorX32;
    emit SetReserveFactor(_reserveFactorX32);
}
```

The mitigation solved the original issue

Conclusion

LGTM
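The ordering effect reviewed in the comment above, as an added Python model that is not part of the original comment or the project's code: it replays the lend-side accrual formula with and without the accrual call before the reserve factor changes. The class and function names, the constant supply rate standing in for `interestRateModel`, and the timestamps and factors are assumptions constructed for illustration.

```python
Q32 = 2**32
Q96 = 2**96
DAY = 86_400

class VaultModel:
    """Integer model of the lend-side accrual quoted above (hypothetical, not the project's contract)."""

    def __init__(self, reserve_factor_x32, supply_rate_x96, now):
        self.reserve_factor_x32 = reserve_factor_x32
        self.supply_rate_x96 = supply_rate_x96   # assumed constant; stands in for interestRateModel
        self.lend_exchange_rate_x96 = Q96
        self.last_update = now

    def update_global_interest(self, now):
        # mirrors supplyRateX96.mulDiv(Q32 - reserveFactorX32, Q32)
        net = self.supply_rate_x96 * (Q32 - self.reserve_factor_x32) // Q32
        old = self.lend_exchange_rate_x96
        if self.last_update > 0:
            self.lend_exchange_rate_x96 = old + old * (now - self.last_update) * net // Q96
        self.last_update = now

    def set_reserve_factor(self, new_factor_x32, now, patched):
        if patched:
            self.update_global_interest(now)   # settle elapsed time at the old factor first
        self.reserve_factor_x32 = new_factor_x32

T0 = 1_700_000_000                      # constructed start timestamp
RATE = Q96 // 10 // (365 * DAY)         # constructed: about 10% per year, expressed per second
OLD_RF, NEW_RF = Q32 // 10, Q32 // 2    # constructed: reserve factor raised from 10% to 50%

def scenario(patched):
    """Factor changes on day 30; the next accrual happens on day 31."""
    v = VaultModel(OLD_RF, RATE, T0)
    v.set_reserve_factor(NEW_RF, T0 + 30 * DAY, patched)
    v.update_global_interest(T0 + 31 * DAY)
    return v.lend_exchange_rate_x96

def constant_factor(rf, days):
    """Lend exchange rate when one reserve factor applies for the whole period."""
    v = VaultModel(rf, RATE, T0)
    v.update_global_interest(T0 + days * DAY)
    return v.lend_exchange_rate_x96

if __name__ == "__main__":
    print("unpatched:", scenario(False))
    print("patched:  ", scenario(True))
    print("50% factor for all 31 days:", constant_factor(NEW_RF, 31))
```

Without the accrual call, the result is identical to a vault that had the new factor for the entire 31 days, which is the retroactive application the finding describes.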

c4-judge commented 4 months ago

jhsagd76 marked the issue as satisfactory