Inadequate addition of Prime Rate Updates to Derived Interest Parameters
Summary
When the prime rate is updated (e.g., via setPrimeRate), the derived rate parameters (baseRate, optimalRate, and maxRate) remain fixed based on the initial prime rate. This static assignment fails to propagate subsequent changes in the prime rate.
Vulnerability Details
At initialization the contract sets:
baseRate = primeRate.percentMul(25_00)
optimalRate = primeRate.percentMul(50_00)
maxRate = primeRate.percentMul(400_00)
However, there is no mechanism to automatically update these derived parameters when the prime rate changes at https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/LendingPool/LendingPool.sol#L678. The relative percentages for the base, optimal, and max rates become inconsistent with the new prime rate, potentially skewing interest calculations.
Impact
Interest Mispricing: Borrowing and lending rates may not reflect current market conditions, leading to distortions in the cost of capital.
Tools Used
Manual Review
Recommendations
Implement a mechanism to recalculate baseRate, optimalRate, and maxRate whenever the prime rate is updated.
Lead Judging Commences
ReserveLibrary::setPrimeRate only updates primeRate without adjusting baseRate, optimalRate, and maxRate proportionally, breaking interest rate model and causing incorrect calculations
ReserveLibrary::setPrimeRate only updates primeRate without adjusting baseRate, optimalRate, and maxRate proportionally, breaking interest rate model and causing incorrect calculations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.