This repository has been archived by the owner on May 26, 2023. It is now read-only.
rvierdiiev - Vault_Lyra will continue calculate interests when contract is paused #38
Comments
|
Unsure on this one, the related issue is true but intended design. However for other issues raised we have decided to allow loans to be closed when a Vault is paused and so this issue would be fixed passively. |
|
Changed from disputed to confirmed to be consistent with issue #234, advising Medium severity as it was an intended feature originally. |
|
Duplicate of #234 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
rvierdiiev
high
Vault_Lyra will continue calculate interests when contract is paused
Summary
Vault_Lyra will continue calculate interests when is paused and noone will be able to close his loan.
Vulnerability Detail
If Vault_Lyra contract will be pause that means that no one will be able to call closeLoan function and close his loan(because it uses whenNotPaused modifier).
That would be fine if no interests were accrued in that period. But interests accruing is not stopping.
So when the contract will be unpaused and users will be allowed to close their loans they might pay more interests that they were expected.
Example.
1.User wants to close his loan were 100$ of interests are accrued at the moment.
2.Owner pauses Vault_Lyra.
3.User couldn't close loan and should wait.
4.After some long time contract is unpaused and now user have 150$ of interests that he should pay.
5.As a result user lost 50$.
Also the same problem is present in Vault_Synth contract.
Impact
Lost of funds for the users who wanted to close their loans.
Code Snippet
https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/Vault_Lyra.sol#L209
Tool used
Manual Review
Recommendation
Allow users to close their loans when contract is paused. Or stop accruing interests for them.
Duplicate of #234
The text was updated successfully, but these errors were encountered: