ReserveLibrary::setPrimeRate can be DoS, in case of spike of rate more than 5%, primeRate could not be reflected forever
Summary
In setPrimeRate() there is a condition that will make the condition revert in case of a change of more than 5% in the primeRate. If the rate keep growing, it will never be reflected in the protocol as setPrimeRate() will be DoS forever, until the rate goes lower to 5% difference with the value sets in the protocol.
Vulnerability Details
This 5% set as a protection can end up DoSing the function. setPrimeRate() is callable only by the oracle, and if there is a situation in the market where the primeRate actually jumps or go down of 5% and stays there, it will be impossible to have the rate reflected in the protocol
As this rate is used everywhere to calculate borrowing and lending fees, it could render the protocol out of sync with actual market.
Impact
The protocol will not be able to reflect current real-life market rates and will lose attractivity
Tools Used
Manual
Recommendations
Avoid this 5% limitation. It's set up as an oracle error protection. As we don't yet know how it will work, it could be better to add a check at the Oracle level and not the value returned by it.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.