The new version of the contract doesn't allow UserManager.updateFrozenInfo to be called from UToken. Hence, if a borrower is overdue he will not be able to call UToken._repayBorrowFresh to repay his principal.

When UToken._repayBorrowFresh is called with an overdue borrower as borrower, the call to UToken._repayBorrowFresh will always revert if repayAmount >= interest because updateFrozenInfo is called on the UserManager contract:

if (isOverdue) { // For borrowers that are paying back overdue balances we need to update their // frozen balance and the global total frozen balance on the UserManager IUserManager(userManager).updateFrozenInfo(borrower, 0);

But UserManager.updateFrozenInfo cannot be called from the UToken contract. Only the Comptroller contract can call this function:

function updateFrozenInfo(address staker, uint256 pastBlocks) external onlyComptroller returns (uint256, uint256) { return _updateFrozen(staker, pastBlocks); }

When a borrower is overdue he will not be able to repay is principal. Any call to UToken._repayBorrowFresh with repayAmount >= interest will revert.

IUserManager(userManager).updateFrozenInfo(borrower, 0);

function updateFrozenInfo(address staker, uint256 pastBlocks) external onlyComptroller returns (uint256, uint256) {

Manual Review

Add access for the UToken contract to UserManager.updateFrozenInfo by using this modifier:

modifier onlyMarketOrComptroller() { if (address(uToken) != msg.sender && address(comptroller) != msg.sender) revert AuthFailed(); _; }