Venus Protocol Isolated Pools - zzykxx's results

Earn, Borrow & Lend on the #1 Decentralized Money Market on the BNB Chain

General Information

Platform: Code4rena

Start Date: 08/05/2023

Pot Size: $90,500 USDC

Total HM: 17

Participants: 102

Period: 7 days

Judge: 0xean

Total Solo HM: 4

Id: 236

League: ETH

Venus Protocol

Researcher Performance

Rank: 61/102

Findings: 1

Award: $66.59

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

66.5871 USDC - $66.59

Labels

bug
3 (High Risk)
satisfactory
upgraded by judge
duplicate-320

External Links

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/main/contracts/WhitePaperInterestRateModel.sol#L17

Vulnerability details

The constant blocksPerYear in WhitePaperInterestRateModel.sol is set to 2102400, which is the number of blocks in a year for a block time of 15 seconds, but the protocol will be deployed on BSC, which has a block time of ~3 seconds.

Impact

The borrow rate of pools using the WhitePaperInterestRateModel.sol interest rate strategy will be ~5 times bigger than expected.

Details

The constant blocksPerYear is 5 times smaller than expected and is used in the constructor to set 2 immutable constants baseRatePerBlock and multiplierPerBlock:

baseRatePerBlock = baseRatePerYear / blocksPerYear;
multiplierPerBlock = multiplierPerYear / blocksPerYear;

which will both be set to a value ~5 times bigger than expected.

The 2 constants are then used in getBorrowRate, one as a multiplier and the other as an added term, to calculate the borrow rate:

return ((ur * multiplierPerBlock) / BASE) + baseRatePerBlock;

which will result in a value ~5 times bigger than expected.

Mitigation

Set the constant blocksPerYear to 10512000, as is correctly done in BaseJumpRateModelV2.sol.

Assessed type

Other
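The finding's arithmetic, worked through as an added example (a Python model written for this page, not code from the Venus repository or from the researcher). It mirrors the two constructor divisions and the getBorrowRate expression quoted above, then annualizes the per-block rate over the blocks a 3-second chain actually produces; the 1e18 value for BASE, the sample rates and all Python names are assumptions.

```python
# Added illustration (not Venus code): Python model of the integer math quoted above.
BASE = 10**18                       # assumed 1e18 fixed-point scale
SECONDS_PER_YEAR = 365 * 24 * 3600


def blocks_per_year(block_time_s):
    """Blocks produced in a 365-day year at a fixed block time."""
    return SECONDS_PER_YEAR // block_time_s


class WhitePaperModel:
    def __init__(self, base_rate_per_year, multiplier_per_year, blocks_per_year_const):
        # Mirrors the two constructor divisions shown in the finding.
        self.base_rate_per_block = base_rate_per_year // blocks_per_year_const
        self.multiplier_per_block = multiplier_per_year // blocks_per_year_const

    def get_borrow_rate(self, ur):
        # Mirrors: ((ur * multiplierPerBlock) / BASE) + baseRatePerBlock
        return (ur * self.multiplier_per_block) // BASE + self.base_rate_per_block


def effective_annual_rate(model, ur, chain_block_time_s):
    """Simple (non-compounded) yearly rate actually charged on the target chain."""
    return model.get_borrow_rate(ur) * blocks_per_year(chain_block_time_s) / BASE


def constant_matches_chain(blocks_per_year_const, chain_block_time_s, tolerance=0.01):
    """Pre-deployment check: does the hard-coded constant fit the chain's block time?"""
    expected = blocks_per_year(chain_block_time_s)
    return abs(blocks_per_year_const - expected) <= tolerance * expected


# Constructed sample parameters: 2% base, 10% multiplier, 80% utilization.
BASE_RATE, MULTIPLIER, UR = 2 * 10**16, 10**17, 8 * 10**17
BSC_BLOCK_TIME = 3                  # seconds, per the finding

as_written = WhitePaperModel(BASE_RATE, MULTIPLIER, 2102400)
mitigated = WhitePaperModel(BASE_RATE, MULTIPLIER, 10512000)

if __name__ == "__main__":
    for name, m in (("blocksPerYear=2102400", as_written), ("blocksPerYear=10512000", mitigated)):
        print(name, "per-block:", m.get_borrow_rate(UR),
              "yearly on BSC: %.4f" % effective_annual_rate(m, UR, BSC_BLOCK_TIME))
```

With these sample parameters the intended yearly borrow rate is 10%; the constant as written charges about 50% per year on a 3-second chain, and the mitigated constant restores roughly 10%.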

#0 - c4-judge

2023-05-16T09:23:04Z

0xean marked the issue as duplicate of #559

#1 - c4-judge

2023-06-05T14:03:02Z

0xean marked the issue as satisfactory

#2 - c4-judge

2023-06-05T14:38:32Z

0xean changed the severity to 3 (High Risk)
