However, the reservedData.currentLiquidityRate may be outdated or stale.
Let us look into the struct of the ReserveData
struct ReserveData {
//stores the reserve configuration
ReserveConfigurationMap configuration;
//the liquidity index. Expressed in ray
uint128 liquidityIndex;
//the current supply rate. Expressed in ray
uint128 currentLiquidityRate;
//variable borrow index. Expressed in ray
uint128 variableBorrowIndex;
//the current variable borrow rate. Expressed in ray
uint128 currentVariableBorrowRate;
//the current stable borrow rate. Expressed in ray
uint128 currentStableBorrowRate;
//timestamp of last update
uint40 lastUpdateTimestamp;
as we can, we have a field lastUpdateTimestamp. if the lastUpdateTimestamp is too far away from the current timestamp, the stale / oudated rate data may be used.
Impact
the stale rate affects the return value from getMoneyMarket
ctf_sec
medium
AaveV3Adapter.sol#getRate may be outdated and stale.
Summary
AaveV3Adapter.sol#getRate may be outdated and stale.
Vulnerability Detail
the function getRate from AaveV3Adapter.sol returns the currentLiqudityRate directly.
However, the reservedData.currentLiquidityRate may be outdated or stale.
Let us look into the struct of the ReserveData
as we can, we have a field lastUpdateTimestamp. if the lastUpdateTimestamp is too far away from the current timestamp, the stale / oudated rate data may be used.
Impact
the stale rate affects the return value from getMoneyMarket
Code Snippet
https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/asset/AaveV3Adapter.sol#L149-L153
Tool used
Manual Review
Recommendation
We recommend the project check that lastUpdateTimestamp is not too far from the current timestamp.