Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

When a new prime rate is set, the old interest is not accrued, leading to more/less interest accrued in the previous time delta

Summary

The prime rate feeds into the calculation of the borrow rate and thus the liquidity rate. These rates determine how interest grows for lenders and borrowers. When a new prime rate is set, the interest owed to lenders and by borrowers up to that point is not updated first; instead, the borrow rate and liquidity rate are changed directly, and only afterwards is interest applied to lenders and borrowers. This results in higher or lower interest for lenders and borrowers than expected.

Vulnerability Details

As many borrowers/lenders must have seen the current prime rate and only then lent/borrowed, changing this without proper accounting is unfair to them (it may lead to loss of protocol funds if the prime rate is lowered).

As the interest accrued by users during a time delta depends on the borrow/liquidity rate (and hence, by extension, on the prime rate), when updating the prime rate, the previous borrow/liquidity rate must be applied to the previous time delta first. (The relation between the prime rate and the borrow rate can be seen in calculateBorrowRate in reserveLibrary.sol.)

function setPrimeRate(uint256 newPrimeRate) external onlyPrimeRateOracle {
    ReserveLibrary.setPrimeRate(reserve, rateData, newPrimeRate);
}

function setPrimeRate(
    ReserveData storage reserve,
    ReserveRateData storage rateData,
    uint256 newPrimeRate
) internal {
    if (newPrimeRate < 1) revert PrimeRateMustBePositive();
    uint256 oldPrimeRate = rateData.primeRate;
    if (oldPrimeRate > 0) {
        uint256 maxChange = oldPrimeRate.percentMul(500); // Max 5% change
        uint256 diff = newPrimeRate > oldPrimeRate ? newPrimeRate - oldPrimeRate : oldPrimeRate - newPrimeRate;
        if (diff > maxChange) revert PrimeRateChangeExceedsLimit();
    }
    rateData.primeRate = newPrimeRate;
    // updates the interest unfairly after changing the prime rate
    updateInterestRatesAndLiquidity(reserve, rateData, 0, 0);
    emit PrimeRateUpdated(oldPrimeRate, newPrimeRate);
}

Impact

If the prime rate is decreased, the protocol will gain fewer fees than expected (as the borrow rate and fees are linked in the calculation of the liquidity rate). If it is increased, the users will face a loss of funds.

Tools Used

Manual review

Recommendations

Update the interest first, before updating the prime rate.
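A numeric sketch of the ordering issue described above, added here as an example; it is not code from the submission or from the audited project. It assumes a simplified reserve with linear interest in which the borrow rate equals the prime rate, and the names `Reserve`, `accrue` and `debt_after_update` are hypothetical.

```python
from dataclasses import dataclass

RAY = 10**27                      # fixed-point scale for rates and indices
SECONDS_PER_YEAR = 365 * 24 * 3600

@dataclass
class Reserve:
    """Simplified reserve: one debt index growing linearly with the borrow rate."""
    prime_rate: int               # RAY-scaled annual rate
    usage_index: int = RAY        # borrowers' debt index
    last_update: int = 0          # timestamp of the last accrual

    def borrow_rate(self) -> int:
        # Assumption: borrow rate == prime rate (the real calculateBorrowRate
        # is not shown on the page).
        return self.prime_rate

    def accrue(self, now: int) -> None:
        # Applies the CURRENT borrow rate to the whole period since last_update.
        dt = now - self.last_update
        growth = RAY + self.borrow_rate() * dt // SECONDS_PER_YEAR
        self.usage_index = self.usage_index * growth // RAY
        self.last_update = now

    def set_prime_rate_as_reported(self, new_rate: int, now: int) -> None:
        self.prime_rate = new_rate    # rate changes first ...
        self.accrue(now)              # ... so the past period is billed at new_rate

    def set_prime_rate_accrue_first(self, new_rate: int, now: int) -> None:
        self.accrue(now)              # settle the past period at the old rate
        self.prime_rate = new_rate    # new rate applies from `now` onward

def debt_after_update(principal, old_rate, new_rate, dt, accrue_first):
    """Debt right after a prime-rate change made dt seconds after the last accrual."""
    reserve = Reserve(prime_rate=old_rate)
    if accrue_first:
        reserve.set_prime_rate_accrue_first(new_rate, dt)
    else:
        reserve.set_prime_rate_as_reported(new_rate, dt)
    return principal * reserve.usage_index // RAY

if __name__ == "__main__":
    # Constructed sample: 1,000,000 units borrowed at 10%, rate raised to 10.5%
    # (the 5% maximum change) 73 days after the last accrual.
    args = (1_000_000, RAY // 10, RAY * 105 // 1000, 73 * 86400)
    print(debt_after_update(*args, accrue_first=False))  # order in the finding
    print(debt_after_update(*args, accrue_first=True))   # recommended order
```

In this model the only difference between the two setters is the order of the two statements, and the gap between the results scales with the principal and with the time since the last accrual.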

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

setPrimeRate applies new rates retroactively by updating rates after changing primeRate, causing incorrect interest calculations for past periods
