FixedTermLoanHook
looks at block.timestamp
instead of expiry
#60
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-04
primary issue
Highest quality submission among a set of duplicates
🤖_primary
AI based primary recommendation
🤖_56_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-08-wildcat/blob/main/src/access/FixedTermLoanHooks.sol#L848
Vulnerability details
Impact
FixedTermLoanHook
looks atblock.timestamp
instead ofexpiry
Proof of Concept
The idea of
FixedTermLoanHook
is to only allow for withdrawals after a certain term end time. However, the problem is that the current implementation does not look at the expiry, but instead at theblock.timestamp
This creates inconsistencies such as forcing users not only to wait until term's end, but also having to wait an extra
withdrawalBatchDuration
before they're able to withdraw their funds.Tools Used
Manual review
Recommended Mitigation Steps
Check the
expiry
instead ofblock.timestamp
Assessed type
Context
The text was updated successfully, but these errors were encountered: