BaseRate can be update by anyone #198

code423n4 · 2022-06-21T17:34:54Z

Lines of code

https://github.com/Plex-Engineer/lending-market/blob/755424c1f9ab3f9f0408443e6606f94e4f08a990/contracts/NoteInterest.sol#L118

Vulnerability details

Impact

There is no access modifier in updateBaseRate due to which, anyone can change Baserate to a very low value an borrow the large value
function updateBaseRate(uint newBaseRatePerYear) public {}

Proof of Concept

https://github.com/Plex-Engineer/lending-market/blob/755424c1f9ab3f9f0408443e6606f94e4f08a990/contracts/NoteInterest.sol#L118

Tools Used

manual review

Recommended Mitigation Steps

add a access modifier

The text was updated successfully, but these errors were encountered:

ecmendenhall · 2022-06-21T22:13:37Z

Duplicate of #22

tkkwon1998 · 2022-06-22T19:49:51Z

Duplicate of #22

GalloDaSballo · 2022-08-04T22:05:52Z

Dup of #22

code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Jun 21, 2022

code423n4 added a commit that referenced this issue Jun 21, 2022

JMukesh issue #198

7b9cfc9

tkkwon1998 added the duplicate This issue or pull request already exists label Jun 22, 2022

tkkwon1998 marked this as a duplicate of #22 Jun 22, 2022

tkkwon1998 closed this as completed Jun 22, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BaseRate can be update by anyone #198

BaseRate can be update by anyone #198

code423n4 commented Jun 21, 2022

ecmendenhall commented Jun 21, 2022

tkkwon1998 commented Jun 22, 2022

GalloDaSballo commented Aug 4, 2022

BaseRate can be update by anyone #198

BaseRate can be update by anyone #198

Comments

code423n4 commented Jun 21, 2022

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

ecmendenhall commented Jun 21, 2022

tkkwon1998 commented Jun 22, 2022

GalloDaSballo commented Aug 4, 2022