everyone CAN Trigger interest accrual for banks and utokens
Summary
everyone CAN Trigger interest accrual for banks and utokens
Vulnerability Detail
Lack of access control in BlueBerryBank.sol#accrue() anyone can do it in any moment they want
Impact
will cause unwanted accrual in interests and in false risky timing for certain utokens which is not acceptable
Code Snippet
function accrue(address token) public override {
Bank storage bank = banks[token];
if (!bank.isListed) revert BANK_NOT_LISTED(token);
bank.totalDebt = ICErc20(bank.cToken).borrowBalanceCurrent(
address(this)
);
}
Avci
high
everyone CAN Trigger interest accrual for banks and utokens
Summary
everyone CAN Trigger interest accrual for banks and utokens
Vulnerability Detail
Lack of access control in BlueBerryBank.sol#
accrue()
anyone can do it in any moment they wantImpact
will cause unwanted accrual in interests and in false risky timing for certain utokens which is not acceptable
Code Snippet
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L251
Tool used
Manual Review
Recommendation