Interest Rate Calculation Issue in ReserveLibrary
Summary
A critical underflow issue can potentially happen in the calculateLiquidityRate function of the ReserveLibrary contract. The issue could allow for an underflow calculation.
Vulnerability Details
The vulnerability exists in the following code segment:
```solidity
```
The vulnerability stems from an unchecked subtraction operation where grossLiquidityRate - protocolFeeAmount is performed without any validation that protocolFeeAmount is less than grossLiquidityRate. Since protocolFeeAmount is calculated using rayMul with protocolFeeRate, and there are no constraints on protocolFeeRate, this operation could underflow if protocolFeeRate is equal to or greater than RAY (1e27, representing 100%).
Impact Med/Low
If improperly sets it, protocolFeeRate could cause liquidity rates to underflow or a possibility for them to become invalid, potentially disrupting protocol operations.
Recommendation
Implement an explicit validation check before performing calculations, preventing potential underflow and maintaining expected protocol behavior.
For example:
```solidity
if (newProtocolFeeRate > WadRayMath.RAY) revert ProtocolFeeRateTooHigh();
```
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.