Closed sherlock-admin3 closed 4 months ago
ether_sky
medium
In the `totalAssets` function, the `backupEarnings` (`unassignedEarnings` in `maturity pool`) from the past `maturity pools` is not considered.
```solidity
function totalAssets() public view override returns (uint256) {
  unchecked {
    uint256 backupEarnings = 0;

    uint256 latestMaturity = block.timestamp - (block.timestamp % FixedLib.INTERVAL);
    uint256 maxMaturity = latestMaturity + maxFuturePools * FixedLib.INTERVAL;

    for (uint256 maturity = latestMaturity; maturity <= maxMaturity; maturity += FixedLib.INTERVAL) {
      FixedLib.Pool storage pool = fixedPools[maturity];
      uint256 lastAccrual = pool.lastAccrual;

      if (maturity > lastAccrual) {
        backupEarnings += block.timestamp < maturity
          ? pool.unassignedEarnings.mulDivDown(block.timestamp - lastAccrual, maturity - lastAccrual)
          : pool.unassignedEarnings;
      }
    }

    return
      floatingAssets +
      backupEarnings +
      accumulatedEarnings() +
      (totalFloatingBorrowAssets() - floatingDebt).mulWadDown(1e18 - treasuryFeeRate);
  }
}
```
Obviously, there will be some past `maturity pools` which have unpaid `debt`.
https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/8f6ef1b0868d3ea3a98a5ab7e8b3a164857681d7/protocol/contracts/Market.sol#L925-L949
Manual Review
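A minimal Python model of the loop bounds described in this report, added here as an illustration (it is not code from the report or from the protocol). The 4-week `INTERVAL`, the sample pool values and all helper names are assumptions constructed for the example; it compares the sum over `latestMaturity..maxMaturity` with the same per-pool term summed over every pool, matured ones included.

```python
INTERVAL = 4 * 7 * 24 * 3600  # assumed value for FixedLib.INTERVAL (4 weeks)


def pool_backup_earnings(now, maturity, pool):
    """Per-pool term from the loop body in totalAssets()."""
    last_accrual = pool["lastAccrual"]
    if maturity <= last_accrual:
        return 0
    if now < maturity:
        # mulDivDown: integer division rounds down
        return pool["unassignedEarnings"] * (now - last_accrual) // (maturity - last_accrual)
    return pool["unassignedEarnings"]


def backup_earnings_as_written(now, pools, max_future_pools):
    """Mirrors the loop bounds on the page: latestMaturity .. maxMaturity only."""
    latest = now - (now % INTERVAL)
    max_maturity = latest + max_future_pools * INTERVAL
    total = 0
    for maturity in range(latest, max_maturity + 1, INTERVAL):
        pool = pools.get(maturity)  # a missing pool contributes 0, like an empty struct
        if pool:
            total += pool_backup_earnings(now, maturity, pool)
    return total


def backup_earnings_all_pools(now, pools):
    """Hypothetical comparison total: same per-pool term over every pool."""
    return sum(pool_backup_earnings(now, m, p) for m, p in pools.items())


def skipped_maturities(now, pools):
    """Past maturities that still hold unassigned earnings the loop never visits."""
    latest = now - (now % INTERVAL)
    return [m for m, p in sorted(pools.items())
            if m < latest and m > p["lastAccrual"] and p["unassignedEarnings"] > 0]


# Constructed sample state (not taken from the protocol).
NOW = 10 * INTERVAL + INTERVAL // 2
POOLS = {
    9 * INTERVAL: {"unassignedEarnings": 500, "lastAccrual": 8 * INTERVAL + 100},  # matured, untouched since
    10 * INTERVAL: {"unassignedEarnings": 200, "lastAccrual": 9 * INTERVAL},       # latestMaturity
    11 * INTERVAL: {"unassignedEarnings": 400, "lastAccrual": 10 * INTERVAL},      # future, half elapsed
}
```

With this sample state the pool that matured at `9 * INTERVAL` is the only one outside the loop range, and its 500 units account for the whole difference between the two totals.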
This issue wasn't marked a duplicate of #158 because it just identifies the root cause, without describing an attack path and a valid impact.
Incorrect totalAssets function.