Upgraded Q -> 2 from #332 [1706646042460] #1279
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-1057
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Comments
c4-judge
added
the
2 (Med Risk)
c4-judge
added a commit
that referenced
this issue
Jan 30, 2024
|
Trumpero marked the issue as duplicate of #1057 |
|
This issue should receive only 50% partial credit due to its lack of quality. |
c4-judge
added
the
partial-50
|
Trumpero marked the issue as partial-50 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Judge has assessed an item in Issue #332 as 2 risk. The relevant finding follows:
params.maxDelayBetweenPartialRepay should never be zero
In LendingTerm.partialRepayDelayPassed, the code makes it return false if maxDelayBetweenPartialRepay is set to 0, which stands to reason. However, due to this, that value will prevent anyone from calling an underwater loan, unless the entire gauge gets deprecated, which seems pretty drastic. We recommend never to allow this parameter to be zero, considering how easy it is to get bad debt and require the gauge to be deprecated.
The text was updated successfully, but these errors were encountered: