Platform: Code4rena
Start Date: 29/03/2022
Pot Size: $30,000 USDC
Total HM: 6
Participants: 24
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 4
Id: 101
League: ETH
Rank: 19/24
Findings: 1
Award: $76.83
🌟 Selected for report: 0
🚀 Solo Findings: 0
76.8275 USDC - $76.83
update[XXXX]LimitLimits functions
All the update[XXXX]LimitLimits functions here have a logic error in the first require:
require(_min < _max || _min.mul(_max) == 0, 'UBLL1');
This require check passes if _max = 0... _min can then be bigger than max. I would suggest the following fix:
require(_min < _max || (_min == 0 && _max == 0), 'UBLL1');
This has low risk because all of the update[XXXX]LimitLimits functions are protected by onlyOwner. However, if the owner did make a mistake then it would impact all limit calculations and effectively brick the contract until the owner resolved the mistake.
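The two require conditions above can be compared side by side. The following Python model is an added example, not code from the audited contracts: it evaluates both conditions over constructed boundary values and lists the (min, max) pairs that pass although min > max. It assumes .mul is a checked multiplication that reverts on uint256 overflow; the function names are hypothetical.

```python
from itertools import product

UINT256_MAX = 2**256 - 1

# Constructed boundary values for a uint256 limit, not taken from the contracts.
BOUNDARY_VALUES = [0, 1, 2, 10**18, UINT256_MAX]


def original_guard(_min, _max):
    """Model of: require(_min < _max || _min.mul(_max) == 0, 'UBLL1')."""
    if _min < _max:
        return True  # || short-circuits, so mul is never evaluated
    prod = _min * _max
    if prod > UINT256_MAX:
        return False  # assumption: checked mul reverts, the call is rejected
    return prod == 0


def proposed_guard(_min, _max):
    """Model of: require(_min < _max || (_min == 0 && _max == 0), 'UBLL1')."""
    return _min < _max or (_min == 0 and _max == 0)


def inverted_limits_accepted(guard, values):
    """Return the (min, max) pairs the guard accepts although min > max."""
    return [(lo, hi) for lo, hi in product(values, repeat=2)
            if guard(lo, hi) and lo > hi]


def disagreements(values):
    """Return the pairs on which the two guards give different answers."""
    return [(lo, hi) for lo, hi in product(values, repeat=2)
            if original_guard(lo, hi) != proposed_guard(lo, hi)]


if __name__ == "__main__":
    for name, guard in (("original", original_guard),
                        ("proposed", proposed_guard)):
        bad = inverted_limits_accepted(guard, BOUNDARY_VALUES)
        print(f"{name}: {len(bad)} inverted pair(s) accepted")
        for lo, hi in bad:
            print(f"  min={lo} max={hi}")
```

The two conditions differ only where _max is 0 and _min is non-zero, which is exactly the inverted-limit case the finding describes.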
calculateInterestAccrued calculations differ from documentation
In the documentation it states the following:
Grace Period Interest Rate: Interest rate that will be used for calculating interest during the grace period
However, in the calculateInterestAccrued function here, penalty interest is added to normal interest (where normal interest is also calculated during the grace period):
_interestAccrued = _interestAccrued.add(_penalityInterest);
Thus, the actual interest being calculated during the grace period is actually the normal interest rate plus the penalty interest rate. This is detrimental to the borrower. Either the documentation should be updated to reflect the code, or the interest calculation in the code should be modified to match the documentation.
#0 - ritik99
2022-04-13T08:35:28Z