Audit review for 2024-04-interest-rate-model from sherlock

1.The calculation of released in config function of RewardsController is wrong

summary

rewardData.lastConfig = uint32(block.timestamp);
...
released =
    rewardData.lastConfigReleased + rewardData.releaseRate * (block.timestamp - rewardData.lastConfig);

As we can see, the protocol uses the time period from lastConfig to the present to calculate the released amount. However, consider a scenario where the start time is set in the future.

root cause
protocol assume start time is equal to the configuration time.

2.Expired maturities longer than FixedLib.INTERVAL with unaccrued earnings may be arbitraged and/or might lead to significant bad debt creation

summary

>     uint256 latestMaturity = block.timestamp - (block.timestamp % FixedLib.INTERVAL);
>     uint256 maxMaturity = latestMaturity + maxFuturePools * FixedLib.INTERVAL;

      for (uint256 maturity = latestMaturity; maturity <= maxMaturity; maturity += FixedLib.INTERVAL) {
        FixedLib.Pool storage pool = fixedPools[maturity];
        uint256 lastAccrual = pool.lastAccrual;

        if (maturity > lastAccrual) {
          backupEarnings += block.timestamp < maturity
            ? pool.unassignedEarnings.mulDivDown(block.timestamp - lastAccrual, maturity - lastAccrual)
            : pool.unassignedEarnings;
        }
      }

when calculate latestMaturity use block.timestamp - (block.timestamp % FixedLib.INTERVAL) which can lead to a replay more than 1 INTERVAL not accounted.
root cause
block.timestamp - (block.timestamp % FixedLib.INTERVAL) has a time range.