Platform: Code4rena
Start Date: 07/04/2022
Pot Size: $100,000 USDC
Total HM: 20
Participants: 62
Period: 7 days
Judge: LSDan
Total Solo HM: 11
Id: 107
League: ETH
Rank: 16/62
Findings: 2
Award: $1,090.10
🌟 Selected for report: 0
🚀 Solo Findings: 0
Wrong interest can be charged if interest is changed without calling accrue()
The function setDebtInterestApr() updates the interest charged on debt without first calling accrue() to compute the previously accrued interest. If someone takes on debt at 2%, no one accrues for 1 month, and the interest is then changed to 5%, the user will pay 5% interest for the past month even though the interest was 2%.
Call accrue() at the beginning of setDebtInterestApr().
#0 - spaghettieth
2022-04-13T13:00:57Z
Duplicate of #78
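The scenario in the finding above, modelled as an added example that is not part of the original submission or the audited contract. The `Vault` class, the simple (non-compounding) interest formula, the 100,000 principal and the 30-day month are assumptions chosen to mirror the 2% to 5% case described.

```python
from fractions import Fraction

SECONDS_PER_YEAR = 365 * 24 * 3600


class Vault:
    """Hypothetical lazy-accrual debt model (not the audited contract)."""

    def __init__(self, apr, accrue_on_rate_change):
        self.apr = Fraction(apr)
        self.accrue_on_rate_change = accrue_on_rate_change
        self.principal = Fraction(0)
        self.interest = Fraction(0)
        self.now = 0            # simulated block timestamp
        self.last_accrual = 0   # timestamp of the last accrue() call

    def advance(self, seconds):
        self.now += seconds

    def accrue(self):
        # Interest for the whole elapsed window is priced at the *current* apr.
        elapsed = self.now - self.last_accrual
        self.interest += self.principal * self.apr * elapsed / SECONDS_PER_YEAR
        self.last_accrual = self.now

    def borrow(self, amount):
        self.accrue()
        self.principal += amount

    def set_debt_interest_apr(self, new_apr):
        if self.accrue_on_rate_change:
            self.accrue()  # settle the elapsed period at the old rate first
        self.apr = Fraction(new_apr)


def interest_after_rate_change(accrue_on_rate_change):
    """Borrow at 2%, wait 30 days with no accrual, switch to 5%, then accrue."""
    v = Vault(Fraction(2, 100), accrue_on_rate_change)
    v.borrow(100_000)                 # constructed sample principal
    v.advance(30 * 24 * 3600)
    v.set_debt_interest_apr(Fraction(5, 100))
    v.accrue()
    return v.interest


if __name__ == "__main__":
    print("no accrue before change:", float(interest_after_rate_change(False)))
    print("accrue before change:   ", float(interest_after_rate_change(True)))
```

Without the accrue() call the past month is billed at the new rate, 2.5 times what was owed at 2%.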
25.7805 USDC - $25.78
Price returned by oracle could be stale
The use of aggregator.latestAnswer() is deprecated and could lead to stale data if the data wasn't recently updated. This is especially important for checking NFT prices: since prices can change quickly, it's critical to always check that the data was updated.
Use aggregator.latestRoundData() to get the price and check if the data is stale and the round is incomplete:
(uint80 roundID, int256 price, , uint256 timeStamp, uint80 answeredInRound) = aggregator.latestRoundData();
require(answeredInRound >= roundID, "...");
require(timeStamp != 0, "...");
#0 - spaghettieth
2022-04-13T11:37:57Z
Duplicate of #4