FraxlendPair.changeFee() doesn't update interest before changing fee. #236
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-08-frax/blob/c4189a3a98b38c8c962c5ea72f1a322fbc2ae45f/src/contracts/FraxlendPair.sol#L215-L222
Vulnerability details
Impact
This function changes the protocol fee that is used during interest calculation.
But it doesn't update interest before changing the fee, so the _feesAmount will be calculated wrongly.
Proof of Concept
As we can see during pause() and unpause(), _addInterest() must be called before any changes.
But changeFee() doesn't update interest, and the _feesAmount might be calculated wrongly.
At T1, _currentRateInfo.feeToProtocolRate = F1.
At T2, the owner had changed the fee to F2.
At T3, _addInterest() is called during deposit() or other functions.
F1 should be applied from T1 to T2 and F2 should be applied from T2 to T3. But it uses F2 from T1 to T2.
Tools Used
Manual Review
Recommended Mitigation Steps
Recommend modifying changeFee() like below.
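A simplified model of the T1/T2/T3 timeline from the Proof of Concept, added here as an illustration; it is not code from the report or from FraxlendPair. The linear accrual, the FEE_PRECISION denominator, the class and function names and the sample numbers are all assumptions.

```python
FEE_PRECISION = 100_000  # assumed fee denominator for this model


class PairModel:
    """Toy linear-accrual pair; not FraxlendPair's actual interest math."""

    def __init__(self, interest_per_sec, fee_rate, now):
        self.interest_per_sec = interest_per_sec  # asset units accrued per second
        self.fee_rate = fee_rate                  # stands in for feeToProtocolRate
        self.last_accrual = now
        self.protocol_fees = 0

    def add_interest(self, now):
        # Charges the *current* fee rate on everything since the last accrual.
        interest = self.interest_per_sec * (now - self.last_accrual)
        self.protocol_fees += interest * self.fee_rate // FEE_PRECISION
        self.last_accrual = now

    def change_fee(self, new_fee, now, accrue_first):
        if accrue_first:
            self.add_interest(now)  # settle [last_accrual, now] at the old fee
        self.fee_rate = new_fee


def fees_at_t3(accrue_first, t1=0, t2=1_000, t3=1_500, f1=10_000, f2=20_000):
    pair = PairModel(interest_per_sec=10, fee_rate=f1, now=t1)  # T1: fee = F1
    pair.change_fee(f2, t2, accrue_first)                       # T2: owner sets F2
    pair.add_interest(t3)                                       # T3: e.g. deposit()
    return pair.protocol_fees


if __name__ == "__main__":
    print("no accrual before change:", fees_at_t3(False))
    print("accrual before change:   ", fees_at_t3(True))
```

With these constructed numbers, skipping the accrual charges F2 on the whole T1 to T3 window, while accruing first charges F1 up to T2 and F2 afterwards.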