Closed sherlock-admin2 closed 9 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, there is no issue here, delta is only positive when there is a surplus within contract balance and any surplus funds are assigned to treasury represented here, so there is no issue for the function to be permissionless.
iberry
high
skim() is external function in LendingPool.sol don't limit access
Summary
This function skim() in the LendingPool.sol contract is accessible externally, meaning it can be called from outside the contract by other contracts or externally owned accounts.
Vulnerability Detail
The vulnerability arises from the fact that multiple calls to skim() may enlarge totalRealisedLiquidity, which can reduce interestRate in the _updateInterestRate function via the modifier processInterests().
Impact
Multiple calls to skim() may enlarge totalRealisedLiquidity, which can finally reduce interestRate.
Code Snippet
https://github.com/sherlock-audit/2023-12-arcadia/blob/main/lending-v2/src/LendingPool.sol#L665
https://github.com/sherlock-audit/2023-12-arcadia/blob/main/lending-v2/src/LendingPool.sol#L676
https://github.com/sherlock-audit/2023-12-arcadia/blob/main/lending-v2/src/LendingPool.sol#L178
Tool used
Manual Review
Recommendation
Limit the access control rights of the skim() function.