Platform: Code4rena
Start Date: 03/05/2022
Pot Size: $50,000 USDC
Total HM: 4
Participants: 46
Period: 5 days
Judge: gzeon
Total Solo HM: 2
Id: 117
League: ETH
Rank: 35/46
Findings: 1
Award: $93.58
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: BowTiedWardens
Also found by: 0x1337, 0x1f8b, 0x4non, 0xDjango, David_, Funen, GimelSec, IllIllI, Picodes, TerrierLover, WatchPug, bobi, cryptphi, csanuragjain, delfin454000, dirk_y, ellahi, fatherOfBlocks, hyh, ilan, jayjonah8, kebabsec, leastwood, oyc_109, robee, samruna, simon135, sorrynotsorry, throttle
93.5794 USDC - $93.58
https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1099 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/Comptroller.sol#L1122 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/ComptrollerStorage.sol#L130
In Comptroller.sol the updateCompSupplyIndex() and updateCompBorrowIndex() function define and use the compAccrued variable but this variable is inherited from ComptrollerStorage.sol. This can result in unexpected behavior.
Manual code review
Consider renaming compAccrued to _comAccrued in the updateCompBorrowIndex() and updateCompSupplyIndex() functions.
#0 - gzeoneth
2022-05-29T10:01:32Z
Lack POC and unchanged from Compound codebase. Downgrading to Low/QA.
#1 - gzeoneth
2022-05-29T13:23:51Z
Treating as warden's QA report.