Category: Business Logic
[FIXED] Interest can be stolen by staking for one block before rebases
Critical Severity
Critical Impact
High Likelihood
Description
By being a creditor for the last possible block before a rebase, and then redeeming their stake in the next block, a user can accrue the vast majority of interest without contributing or exposing themselves to market risk.
Impact
A user can stake a two-block credit with a very large amount of capital to get almost all the interest without participating in the protocol mechanic.
Recommendations
Add a minimum stake period.
Remediation
The Nukem team has fixed this issue by introducing a CreditLockPayment mechanism, configured by default to 1 day, which was added in commit bec528a9. This ensures that creditors stay locked in their positions.
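
The following model is an added example, not code from the Nukem contracts or from the audit. It shows why a pro-rata rebase rewards a creditor who is present only for the rebase block, and how a minimum lock removes the two-block exit. The class and function names, the pro-rata payout rule, the 12-second block time and all amounts are assumptions made for the illustration.

```python
# Added illustration: a simplified rebasing credit pool, NOT the Nukem contracts.
# Assumption: a rebase splits interest pro rata over balances held at that moment.
from dataclasses import dataclass, field

DAY = 86_400  # seconds; the remediation's default lock is 1 day


class StillLocked(Exception):
    """Raised when a redeem is attempted before the lock has expired."""


@dataclass
class CreditPool:
    lock_seconds: int = 0          # 0 models the pre-fix behaviour
    balances: dict = field(default_factory=dict)
    staked_at: dict = field(default_factory=dict)

    def stake(self, user: str, amount: int, now: int) -> None:
        self.balances[user] = self.balances.get(user, 0) + amount
        self.staked_at[user] = now  # every new stake restarts the lock

    def rebase(self, interest: int) -> None:
        total = sum(self.balances.values())
        for user, bal in self.balances.items():
            self.balances[user] = bal + interest * bal // total

    def redeem(self, user: str, now: int) -> int:
        if now < self.staked_at[user] + self.lock_seconds:
            raise StillLocked(user)
        self.staked_at.pop(user)
        return self.balances.pop(user)


def late_staker_profit(lock_seconds: int, block_time: int = 12,
                       rebase_time: int = 30 * DAY) -> int:
    """Interest realised by staking one block before a rebase and redeeming one block after."""
    pool = CreditPool(lock_seconds)
    pool.stake("long_term", 1_000, now=0)                     # constructed amounts
    pool.stake("late", 99_000, now=rebase_time - block_time)
    pool.rebase(interest=1_000)
    try:
        return pool.redeem("late", now=rebase_time + block_time) - 99_000
    except StillLocked:
        return 0  # capital stays in the pool and exposed to the market


if __name__ == "__main__":
    print("no lock   :", late_staker_profit(0))    # pre-fix model
    print("1-day lock:", late_staker_profit(DAY))  # post-fix model
```

In the unlocked model the late creditor holds 99% of the pool at the rebase and leaves with 99% of the interest; with the lock, the redeem in the following block is rejected and the position stays exposed until the lock expires.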