Falendar - offer.maxDeadline is used instead of extendedTime when calculating the fee
#1007
Comments
sherlock-admin3
changed the title
offer.maxDeadline is used instead of extendedTime when calculating the feeoffer.maxDeadline is used instead of extendedTime when calculating the fee
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Falendar
High
offer.maxDeadlineis used instead ofextendedTimewhen calculating the feeSummary
The feeOfMaxDeadline formula incorrectly uses
offer.maxDeadline, which leads to incorrect fee calculations for loan extensions.Root Cause
Incorrect use of
offer.maxDeadlinein the fee calculation formula instead of usingextendedTime.offer.maxDeadlinerepresents the loan max deadline, whileextendedTimerepresents the loan duration after the loan extension.Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Example scenario:
offer.maxDeadline = 10 daysextendedTime = 5 daysfeePerDay = 100 unitsUsing the incorrect formula with
offer.maxDeadline:offer.maxDeadline = 864000 seconds(10 days)feeOfMaxDeadline = ((864000 * 100) / 86400);feeOfMaxDeadline = 1000 units
Using the correct formula with
extendedTime:extendedTime = 432000 seconds(5 days)feeOfMaxDeadline = ((432000 * 100) / 86400);feeOfMaxDeadline = 500 units
The user would be overcharged by 500 units if the system uses the wrong formula with
offer.maxDeadline.PoC
No response
Mitigation
Use
extendedTimeinstead ofoffer.maxDeadlinewhen calculatingfeeOfMaxDeadline.The text was updated successfully, but these errors were encountered: