We continued the Panoptic contest on Code4rena.
Lesson Summary:
- Simulate full sequences (accrue → deposit/withdraw → accrue again) to catch borrow index desync or double-burning shares.
- Verify borrow index always updates proportionally on partial burns — stale index after exact-balance interest payment can wipe users out.
- Cross-check time handling: epoch (4s steps) vs raw block.timestamp mismatches → 0 delta in one contract while the other accrues → state drift.
- Test same-block loops on accrueInterest(): non-incrementing epoch + positive elapsed time can repeatedly inflate borrow rate toward max.
- Flag asymmetric rate math (faster increases than decreases, uncapped linear adaptation) — suspicious unless docs explicitly justify volatility or one-sided speed.
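
The same-block check on accrueInterest() and the epoch vs. raw-timestamp mismatch from the list above, as an added example: a toy Python model, not Panoptic's code. The constants, the `RateModel` class and the `same_block_drift` helper are assumptions made for illustration; the helper measures how far the rate moves when accrual is called repeatedly at one timestamp, which should be zero.

```python
# Toy model constructed for illustration; not Panoptic's code or parameters.
EPOCH = 4          # seconds per epoch (the "4s steps" from the notes)
MAX_RATE = 10_000  # assumed rate cap, in basis points
SPEED = 500        # assumed linear adaptation, basis points per elapsed second


class RateModel:
    """Borrow-rate model that stores time as an epoch number.

    fixed=False: elapsed time is raw `now` minus the rounded-down stored epoch,
                 so it stays positive while the stored epoch does not advance.
    fixed=True:  elapsed time is measured against the raw timestamp of the
                 previous accrual, so a repeat call in the same block sees 0.
    """

    def __init__(self, now, rate=200, fixed=False):
        self.fixed = fixed
        self.rate = rate
        self.last_epoch = now // EPOCH
        self.last_ts = now  # only consulted by the fixed variant

    def accrue(self, now):
        if self.fixed:
            elapsed = now - self.last_ts             # raw seconds on both sides
        else:
            elapsed = now - self.last_epoch * EPOCH  # raw now vs. epoch store
        self.rate = min(MAX_RATE, self.rate + SPEED * elapsed)
        self.last_epoch = now // EPOCH  # unchanged while still inside the epoch
        self.last_ts = now
        return self.rate


def same_block_drift(model_factory, now, calls):
    """Rate change caused by extra accrue() calls at one timestamp.

    An idempotent accrual returns 0; anything else is the state drift that
    the same-block loop test is meant to flag.
    """
    model = model_factory()
    first = model.accrue(now)
    last = first
    for _ in range(calls - 1):
        last = model.accrue(now)
    return last - first


if __name__ == "__main__":
    print("mismatched units:", same_block_drift(lambda: RateModel(100), 103, 10))
    print("consistent units:", same_block_drift(lambda: RateModel(100, fixed=True), 103, 10))
```
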