search

sherlock-audit / 2023-02-surge-judging

4 stars 1 forks source link

Avci - Division before multiplication will cause issues #285

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Avci

medium

Division before multiplication will cause issues

Summary

Division before multiplication will cause issues

Vulnerability Detail

Division before multiplication will cause issues in the poollens interest calculation in getCurrentTotalDebt function _totalDebt * _borrowRate / 1e18 * _timeDelta / 365 days;

Impact

will cause issues in the poollens interest calculation in getCurrentTotalDebt function _totalDebt * _borrowRate / 1e18 * _timeDelta / 365 days;

https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/PoolLens.sol#LL41

Code Snippet

    function getCurrentTotalDebt(address pool) public view returns (uint256) {
        uint _totalDebt = Pool(pool).lastTotalDebt();
        if(_totalDebt == 0) return 0;
        uint _lastAccrueInterestTime = Pool(pool).lastAccrueInterestTime();
        if(_lastAccrueInterestTime == block.timestamp) return _totalDebt;
        uint _borrowRate = getBorrowRateMantissa(pool);
        uint _timeDelta = block.timestamp - _lastAccrueInterestTime;
        uint _interest = _totalDebt * _borrowRate / 1e18 * _timeDelta / 365 days;
        return _totalDebt + _interest;
    }

https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/PoolLens.sol#LL41

Tool used

Manual Review

Recommendation

consider modifying the interest value logic to the way Division before multiplication not happens.