ak1
medium
FixedInterestRateModel.sol#L69 : getSupplyRate can be updated to consider the one more factor utilizationRate like how compound works.
FixedInterestRateModel.sol#L69 : getSupplyRate can be updated to consider the one more factor utilizationRate like how compound works.
The getSupplyRate is done in following way. This always give constant value for a given asset. It does not consider the fluctuation in the market. Such as how is much is utilised.
Whereas, the compound protocol considers the utilizationRate, please refer the below line of codes.
function getSupplyRate(uint cash, uint borrows, uint reserves, uint reserveFactorMantissa) override public view returns (uint) {
uint oneMinusReserveFactor = BASE - reserveFactorMantissa;
uint borrowRate = getBorrowRate(cash, borrows, reserves);
uint rateToPool = borrowRate * oneMinusReserveFactor / BASE;
return utilizationRate(cash, borrows, reserves) * rateToPool / BASE;
above method is handling the case when borrow is zero. whereas the union is not considering if the borrow is zero.
The current method always use the constant set of supply rate irrespective of the market fluctuations. The Borrows being 0 case might also not be fully accounted for.
The protocol may not be healthy enough to deal all the market conditions.
The getSupplyRate is called in following places,
https://github.com/sherlock-audit/2022-10-union-finance/blob/main/union-v2-contracts/contracts/market/UToken.sol#L445-L447
Manual Review
Follow the method how the compound use to fix the supply rate per block. This will be safe always. This might be useful if someone adds uDAI to the comptroller.