Inconsistent Interest Accrual for Debt Tokens in BlueBerryBank Contract
Summary
The BlueBerryBank contract contains a discrepancy in how interest accrual is triggered for different debt tokens within a position. This inconsistency can lead to incorrect calculations of a position's debt and liquidation status, potentially resulting in unexpected behavior and undermining the integrity of the lending and borrowing protocol.
Vulnerability Detail
The vulnerability is particularly evident in the execute function. Although the calculation of whether a position is liquidatable takes into account all debt tokens within the position, interest accrual is not consistently applied to all debt tokens before the check. This discrepancy can lead to a situation where a position is considered non-liquidatable due to incomplete debt calculations.
Impact
This vulnerability can allow users to perform operations on their positions that result in an artificially non-liquidatable status. As interest accrual is not consistently triggered for all debt tokens, the calculated debt value of the position might be lower than it should be. Consequently, positions that should be liquidatable may remain operational, further deteriorating the bank's debt situation and increasing the overall number of liquidatable positions.
It is crucial to ensure that interest accrual is triggered consistently for all relevant debt tokens within a position. A potential solution involves modifying the execute function to initiate interest accrual for all debt tokens associated with the position before any other actions are performed.
Oxhunter526
medium
Inconsistent Interest Accrual for Debt Tokens in BlueBerryBank Contract
Summary
The BlueBerryBank contract contains a discrepancy in how interest accrual is triggered for different debt tokens within a position. This inconsistency can lead to incorrect calculations of a position's debt and liquidation status, potentially resulting in unexpected behavior and undermining the integrity of the lending and borrowing protocol.
Vulnerability Detail
The vulnerability is particularly evident in the
executefunction. Although the calculation of whether a position is liquidatable takes into account all debt tokens within the position, interest accrual is not consistently applied to all debt tokens before the check. This discrepancy can lead to a situation where a position is considered non-liquidatable due to incomplete debt calculations.Impact
This vulnerability can allow users to perform operations on their positions that result in an artificially non-liquidatable status. As interest accrual is not consistently triggered for all debt tokens, the calculated debt value of the position might be lower than it should be. Consequently, positions that should be liquidatable may remain operational, further deteriorating the bank's debt situation and increasing the overall number of liquidatable positions.
Code Snippet
(https://github.com/sherlock-audit/2023-07-blueberry/blob/main/blueberry-core/contracts/BlueBerryBank.sol#L629-L668) (https://github.com/sherlock-audit/2023-07-blueberry/blob/main/blueberry-core/contracts/BlueBerryBank.sol#L675-L713) (https://github.com/sherlock-audit/2023-07-blueberry/blob/main/blueberry-core/contracts/BlueBerryBank.sol#L720-L748)
Tool used
Manual Review
Recommendation
It is crucial to ensure that interest accrual is triggered consistently for all relevant debt tokens within a position. A potential solution involves modifying the execute function to initiate interest accrual for all debt tokens associated with the position before any other actions are performed.
Duplicate of #16