Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lemonmon - BorrowLogic::executeRepay incorrect order of update may cause incorrect interest rates #253

Closed
sherlock-admin3 opened this issue Sep 10, 2024 · 0 comments
Closed

lemonmon - BorrowLogic::executeRepay incorrect order of update may cause incorrect interest rates #253

sherlock-admin3 opened this issue Sep 10, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue

Comments

@sherlock-admin3
Copy link
Contributor

sherlock-admin3 commented Sep 10, 2024
edited
Loading

lemonmon

Medium

BorrowLogic::executeRepay incorrect order of update may cause incorrect interest rates

Summary

BorrowLogic::executeRepay updates the interest rate first before updating the nextDebtShares, which will result in out-dated evaluation of total debt. This incorrect evaluation may lead to incorrect interest rate depending on the interest rate strategy.

Root Cause

BorrowLogic::executeRepay updates the interest rates via reserve.updateInterestRates and then update the cache.nextDebtShares: https://github.com/sherlock-audit/2024-06-new-scope/blob/main/zerolend-one/contracts/core/pool/logic/BorrowLogic.sol#L139-L152

However, the cache's nextDebtShares will be used in the interest rates calculation to evaluate the total debt: https://github.com/sherlock-audit/2024-06-new-scope/blob/main/zerolend-one/contracts/core/pool/logic/ReserveLogic.sol#L158

Not that in Aave V3's executeRepay function the interest rate is correctly updated after reserveCache was updated.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

As the result the interest rate calculation (line 139 BorrowLogic.sol) will use the previous nextDebtShares and as the result use the incorrect (not-updated) total debt value to calculate the liquidity rate and borrow rate.
Depending on the interest rate strategy, this out-dated total debt will lead to incorrect interest rate information, which may cause unexpected behavior or potential exploitation.

PoC

No response

Mitigation

Consider changing BorrowLogic::executeRepay to first adjust the cache.nextDebtShares variable before calling reserve::updateInterestRates().

Duplicate of #413
@github-actions github-actions bot added Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. labels Sep 20, 2024
@sherlock-admin3 sherlock-admin3 changed the title Acrobatic Banana Poodle - BorrowLogic::executeRepay incorrect order of update may cause incorrect interest rates lemonmon - BorrowLogic::executeRepay incorrect order of update may cause incorrect interest rates Oct 3, 2024
@sherlock-admin3 sherlock-admin3 added the Reward A payout will be made for this issue label Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A High severity issue. Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin3