issue 2 . sellers do not accrue interests since the exchange rate does not change after the lockup period has ended.
Summary
The exchange rate is not updated after the lockup period has ended.
Vulnerability Detail
when exiting the market sellers should accrue interests depending on the capital deposited. The interests is reliant on the exchange rate increasing. therefore the exchange rate when converting stokenshares to underlying amount after lockup period should be higher than the when converting underlying amount to stoken before lockup period.
Impact
Code Snippet
function convertToSToken(uint256 _underlyingAmount)
public
view
override
returns (uint256)
{
uint256 _scaledUnderlyingAmt = ProtectionPoolHelper
.scaleUnderlyingAmtTo18Decimals(
_underlyingAmount,
poolInfo.underlyingToken.decimals()
);
/// if there are no sTokens in the pool, return the underlying amount
if (totalSupply() == 0) return _scaledUnderlyingAmt;
return
(_scaledUnderlyingAmt * Constants.SCALE_18_DECIMALS) / _getExchangeRate();
Auditwolf
high
issue 2 . sellers do not accrue interests since the exchange rate does not change after the lockup period has ended.
Summary
The exchange rate is not updated after the lockup period has ended.
Vulnerability Detail
when exiting the market sellers should accrue interests depending on the capital deposited. The interests is reliant on the exchange rate increasing. therefore the exchange rate when converting stokenshares to underlying amount after lockup period should be higher than the when converting underlying amount to stoken before lockup period.
Impact
Code Snippet
function convertToSToken(uint256 _underlyingAmount) public view override returns (uint256) { uint256 _scaledUnderlyingAmt = ProtectionPoolHelper .scaleUnderlyingAmtTo18Decimals( _underlyingAmount, poolInfo.underlyingToken.decimals() );
}
function convertToUnderlying(uint256 _sTokenShares) public view override returns (uint256) { return ProtectionPoolHelper.scale18DecimalsAmtToUnderlyingDecimals( ((_sTokenShares _getExchangeRate()) / Constants.SCALE_18_DECIMALS), /// underlying amount in 18 decimals poolInfo.underlyingToken.decimals() ); function _getExchangeRate() internal view returns (uint256) { uint256 _totalScaledCapital = ProtectionPoolHelper .scaleUnderlyingAmtTo18Decimals( totalSTokenUnderlying, poolInfo.underlyingToken.decimals() ); uint256 _totalSTokenSupply = totalSupply(); uint256 _exchangeRate = (_totalScaledCapital Constants.SCALE_18_DECIMALS) / _totalSTokenSupply;
[}
Tool used
Manual Review
Recommendation
update the exchange rate once the lockup period has ended.