c4-judge
commented
5 months ago jhsagd76 marked the issue as satisfactory
Open c4-bot-9 opened 5 months ago
c4-judge
commented
5 months ago jhsagd76 marked the issue as satisfactory
Lines of code
Vulnerability details
C4 issue
M-05: setReserveFactor fails to update global interest before updating reserve factor
Comments
The original implementation missed updating the global interest before the reserve factor was updated. Because the interest rate utilizes the reserve factor in it's calculations, if the interest rate was not updated for an arbitrary amount of time, Revert's state math would become incorrect when an admin updated the reserve factor without first updating the interest rate.
Mitigation
PR #23
By calling
_updateGlobalInterest()before updating the reserve factor, Revert ensures that the interest rates calculation will use the correct "old" reserve factor for all previous blocks up to the current block. Once the global interest rate is updated with the "old" reserve factor, the reserve factor can be safely updated.Conclusion
LGTM