The original code does up call _updateGlobalInterest before it updates reserveFactorX32 while this variable reserveFactorX32 is used in global interest rate calculation:
This will cause the new reserveFactorX32 to be applied in calculation with old exchange rates of the last update.
Mitigation
PR #23
The mitigation code calls _updateGlobalInterest before setting new reserveFactorX32:
function setReserveFactor(uint32 _reserveFactorX32) external onlyOwner {
// update interest to be sure that reservefactor change is applied from now on
_updateGlobalInterest();
reserveFactorX32 = _reserveFactorX32;
emit SetReserveFactor(_reserveFactorX32);
}
Lines of code
Vulnerability details
C4 issue
M-05: setReserveFactor fails to update global interest before updating reserve factor
Comment
The original code does up call
_updateGlobalInterest
before it updatesreserveFactorX32
while this variablereserveFactorX32
is used in global interest rate calculation:This will cause the new
reserveFactorX32
to be applied in calculation with old exchange rates of the last update.Mitigation
PR #23 The mitigation code calls
_updateGlobalInterest
before setting newreserveFactorX32
:The mitigation solved the original issue
Conclusion
LGTM