By design V3Vault.sol should calculate the dailyLendIncreaseLimitLeft & dailyDebtIncreaseLimitLeft as 10% of the total loans issued in any given 24-hour period. The calculations however were incorrect and instead of 10% the limit was calculated as 110%, effectively disabling the 24-hour cap on new loans.
Mitigation
PR-22 successfully mitigates the original issue by fixing the calculation of dailyDebtIncreaseLimitLeft & dailyLendIncreaseLimitLeft.
Lines of code
Vulnerability details
C4 Issue
M-06: Users can lend and borrow above allowed limitations
Issue Details
By design
V3Vault.sol
should calculate thedailyLendIncreaseLimitLeft
&dailyDebtIncreaseLimitLeft
as 10% of the total loans issued in any given 24-hour period. The calculations however were incorrect and instead of10%
the limit was calculated as110%
, effectively disabling the 24-hour cap on new loans.Mitigation
PR-22 successfully mitigates the original issue by fixing the calculation of
dailyDebtIncreaseLimitLeft
&dailyLendIncreaseLimitLeft
.Conclusion
Mitigation Confirmed