BorrowLogic::executeRepay incorrect order of update may cause incorrect interest rates
sherlock-admin3 changed the title from "Acrobatic Banana Poodle - BorrowLogic::executeRepay incorrect order of update may cause incorrect interest rates" to "lemonmon - BorrowLogic::executeRepay incorrect order of update may cause incorrect interest rates" on Oct 3, 2024
lemonmon
Medium
Summary
BorrowLogic::executeRepay updates the interest rate first before updating the nextDebtShares, which will result in an out-dated evaluation of total debt. This incorrect evaluation may lead to an incorrect interest rate depending on the interest rate strategy.
Root Cause
BorrowLogic::executeRepay updates the interest rates via reserve.updateInterestRates and then updates the cache.nextDebtShares: https://github.com/sherlock-audit/2024-06-new-scope/blob/main/zerolend-one/contracts/core/pool/logic/BorrowLogic.sol#L139-L152
However, the cache's nextDebtShares will be used in the interest rates calculation to evaluate the total debt: https://github.com/sherlock-audit/2024-06-new-scope/blob/main/zerolend-one/contracts/core/pool/logic/ReserveLogic.sol#L158
Note that in Aave V3's executeRepay function the interest rate is correctly updated after reserveCache was updated.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
As a result, the interest rate calculation (line 139 BorrowLogic.sol) will use the previous nextDebtShares and, as a result, use the incorrect (not-updated) total debt value to calculate the liquidity rate and borrow rate.
Depending on the interest rate strategy, this out-dated total debt will lead to incorrect interest rate information, which may cause unexpected behavior or potential exploitation.
PoC
No response
Mitigation
Consider changing BorrowLogic::executeRepay to first adjust the cache.nextDebtShares variable before calling reserve::updateInterestRates().
Duplicate of #413
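The ordering effect described in the Root Cause and Mitigation sections, as a simplified Python model; this is an added example, not code from the report or from the ZeroLend repository. The linear rate strategy, the ray-scaled index, counting the repaid amount as added liquidity, the sample pool state, and every name other than nextDebtShares, updateInterestRates and executeRepay are assumptions.

```python
from dataclasses import dataclass

RAY = 10**27  # assumed fixed-point scale of the borrow index


@dataclass
class Cache:
    next_debt_shares: int   # stands in for cache.nextDebtShares
    next_borrow_index: int  # ray-scaled index (assumption)


def borrow_rate_bps(total_debt: int, available: int) -> int:
    """Hypothetical linear strategy: 2% base plus 20% times utilization."""
    total = total_debt + available
    return 200 if total == 0 else 200 + 2000 * total_debt // total


def update_interest_rates(cache: Cache, available: int, added: int) -> int:
    # Total debt is derived from the cached shares, as the report describes.
    total_debt = cache.next_debt_shares * cache.next_borrow_index // RAY
    return borrow_rate_bps(total_debt, available + added)


def execute_repay(cache: Cache, available: int, amount: int, shares_first: bool):
    """Model one repayment; return (stored borrow rate in bps, remaining shares)."""
    burned = min(amount * RAY // cache.next_borrow_index, cache.next_debt_shares)
    if shares_first:  # order proposed in the Mitigation section
        cache.next_debt_shares -= burned
        rate = update_interest_rates(cache, available, amount)
    else:             # order described in the Root Cause section
        rate = update_interest_rates(cache, available, amount)
        cache.next_debt_shares -= burned
    return rate, cache.next_debt_shares


def compare(shares=640, index=125 * 10**25, available=200, amount=400):
    """Run both orders on the same constructed pool state."""
    reported = execute_repay(Cache(shares, index), available, amount, False)
    mitigated = execute_repay(Cache(shares, index), available, amount, True)
    return reported, mitigated


if __name__ == "__main__":
    reported, mitigated = compare()
    print("rates first :", reported)   # rate computed on 800 units of debt
    print("shares first:", mitigated)  # rate computed on 400 units of debt
```

In this model both orders leave the same number of debt shares; only the stored rate differs, because the rates-first order prices the pool as if the repaid debt were still outstanding.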