Open c4-bot-4 opened 1 month ago
MarioPoneder marked the issue as duplicate of #7
MarioPoneder marked the issue as partial-50
MarioPoneder marked the issue as not a duplicate
MarioPoneder marked the issue as primary issue
Different instance than #7.
MarioPoneder marked the issue as satisfactory
MarioPoneder marked the issue as selected for report
We suggest adjusting the severity level to Low Risk or Information.
Because there are many TX actions that will frequently trigger an update of the interest index, e.g. borrow/repay. And we checked that the same logic exists in Aave V2 & V3.
Thanks for adding that clarification!
Similar case as in #7. The same reasoning applies here.
Lines of code
https://github.com/code-423n4/2024-07-benddao/blob/main/src/libraries/logic/ConfigureLogic.sol#L526
https://github.com/code-423n4/2024-07-benddao/blob/main/src/libraries/logic/ConfigureLogic.sol#L626
Vulnerability details
Impact
After updating the interest model, the protocol does not update the interest rate, resulting in interest being calculated at the old model rates for some time.
Proof of Concept
The pool admin can change rate model in the Configurator.sol module:
However, interest rate is not updated, meaning interest will be calculated with the cached old model rates until InterestLogic.updateInterestRates is finally called.
Tools Used
Manual review
Recommended Mitigation Steps
Assessed type
Other
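The stale-rate window described in this report can be reproduced with a small numeric model. This is an added example, not code from the report or from the BendDAO code base: `LinearModel`, `Pool`, `set_model`, `accrue` and all figures are hypothetical, and only the name `update_interest_rates` echoes the `InterestLogic.updateInterestRates` call mentioned above.

```python
from dataclasses import dataclass

SECONDS_PER_YEAR = 365 * 24 * 3600

@dataclass
class LinearModel:
    """Hypothetical rate model: annual borrow rate = base + slope * utilization."""
    base: float
    slope: float

    def rate(self, utilization: float) -> float:
        return self.base + self.slope * utilization

class Pool:
    """Toy pool that caches the borrow rate between rate updates (assumed design)."""

    def __init__(self, model: LinearModel, borrowed: float, supplied: float):
        self.model, self.borrowed, self.supplied = model, borrowed, supplied
        self.index = 1.0  # borrow index, grows as interest accrues
        self.update_interest_rates()

    def update_interest_rates(self) -> None:
        # Recompute the cached rate from whichever model is currently set.
        self.cached_rate = self.model.rate(self.borrowed / self.supplied)

    def accrue(self, seconds: int) -> None:
        # Interest always accrues at the cached rate, not the model's live output.
        self.index *= 1 + self.cached_rate * seconds / SECONDS_PER_YEAR

    def set_model(self, model: LinearModel, refresh: bool) -> None:
        self.model = model
        if refresh:  # the variant that avoids the stale window
            self.update_interest_rates()

def index_after_model_change(idle_days: int, refresh: bool) -> float:
    """Swap models, then let idle_days pass with no borrow/repay activity."""
    pool = Pool(LinearModel(0.02, 0.10), borrowed=500.0, supplied=1000.0)  # constructed values
    pool.set_model(LinearModel(0.05, 0.30), refresh)
    pool.accrue(idle_days * 24 * 3600)
    return pool.index

if __name__ == "__main__":
    stale = index_after_model_change(30, refresh=False)
    fresh = index_after_model_change(30, refresh=True)
    print(f"index without refresh: {stale:.6f}")  # accrued at the old 7% rate
    print(f"index with refresh:    {fresh:.6f}")  # accrued at the new 20% rate
```

The gap between the two indexes grows with the idle period, so the size of the mis-accrual depends on how soon another action refreshes the rate.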