
[bug] liquidity-pool: borrow due_at = now + duration_secs uses raw u64 addition — no overflow guard produces immediately-overdue loans #731

Description

@gboigwe

Summary

borrow computes the loan due date with a raw u64 addition:

due_at: now + duration_secs, // ❌ no overflow guard

If duration_secs is set close to u64::MAX, the addition wraps to a small past value. The BorrowPosition.due_at field would indicate the loan is immediately overdue upon creation. Although the current contract has no on-chain enforcement of the due date (no auto-liquidation), any off-chain system or future contract upgrade that checks due_at < now would incorrectly treat the loan as overdue from the moment it was created.

Location

contracts/liquidity-pool/src/lib.rs, borrow

due_at: now + duration_secs, // ❌

Fix

due_at: now.checked_add(duration_secs)
    .expect("loan due_at timestamp overflows u64"),

Also add a reasonable upper bound on duration_secs (e.g., one year) to prevent unreasonably long-dated loans that effectively become permanent.
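
The wrap described in this issue, next to a guarded version, as an added example that is not the project's code. The function names, the error enum and the one-year `MAX_LOAN_DURATION_SECS` cap are assumptions for illustration, and the guarded function returns an error instead of panicking with `expect` so the caller decides how to reject the borrow.

```rust
/// Assumed cap on loan length (one year), following the issue's suggestion.
pub const MAX_LOAN_DURATION_SECS: u64 = 365 * 24 * 60 * 60;

#[derive(Debug, PartialEq)]
pub enum DueAtError {
    /// duration_secs exceeds the assumed cap.
    DurationTooLong,
    /// now + duration_secs does not fit in a u64.
    TimestampOverflow,
}

/// Models the wrap the issue describes for `now + duration_secs`.
/// `wrapping_add` makes the wrap explicit so it is the same in every build profile.
pub fn due_at_unguarded(now: u64, duration_secs: u64) -> u64 {
    now.wrapping_add(duration_secs)
}

/// Guarded version: bound the duration first, then add with an overflow check.
pub fn due_at_guarded(now: u64, duration_secs: u64) -> Result<u64, DueAtError> {
    if duration_secs > MAX_LOAN_DURATION_SECS {
        return Err(DueAtError::DurationTooLong);
    }
    now.checked_add(duration_secs)
        .ok_or(DueAtError::TimestampOverflow)
}

/// The consumer-side check the issue mentions: `due_at < now`.
pub fn is_overdue(due_at: u64, now: u64) -> bool {
    due_at < now
}

fn main() {
    let now: u64 = 1_700_000_000; // constructed ledger timestamp
    let huge = u64::MAX - 10; // constructed duration close to u64::MAX

    let wrapped = due_at_unguarded(now, huge);
    println!("unguarded due_at = {wrapped}, overdue at creation: {}", is_overdue(wrapped, now));
    println!("guarded, huge duration: {:?}", due_at_guarded(now, huge));
    // The duration bound alone does not rule out overflow, so the checked add stays.
    println!("guarded, clock near max: {:?}", due_at_guarded(u64::MAX - 5, 10));
    println!("guarded, one day: {:?}", due_at_guarded(now, 86_400));
}
```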
