Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

L1: Mechanism to handle leap year

0xpinto

Summary

The function "_pendintInterest" will have a higher or lower rate per sec each leap year. As 2024 is a leap year, at launch the rate per sec will not the one expected.

Vulnerability Details

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/lending/LendingVault.sol

The constant is defined by this instruction :

21 uint256 public constant SECONDS_PER_YEAR = 365 days;

The variable _ratePerSec is defined by this instruction

460 uint256 _ratePerSec = _calculateInterestRate(totalBorrows, _floating) / SECONDS_PER_YEAR;

Impact

Partial loss of fund for the protocol or the users.

Tools Used

Manual Review

Recommendations

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Known issue

0xpinto Submitter

almost 2 years ago

hans Auditor

almost 2 years ago

0xpinto Submitter

almost 2 years ago

hans Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.