Lines of code
Vulnerability details
C4 issue
M-06: Users can lend and borrow above allowed limitations
Comment
The original code for the daily lend/borrow limit increase is wrong: MAX_DAILY_LEND_INCREASE_X32 and MAX_DAILY_DEBT_INCREASE_X32 are set to 10%, but the formulas calculate lendIncreaseLimit and debtIncreaseLimit as (Q32 + 0.1*Q32)/Q32 = 110%.
Mitigation
PR #22
The mitigation code updates the formulas to correctly reflect the daily lend/debt limit increase:
The mitigation resolved the original issue.
Conclusion
LGTM