Overflow bug: interest could be negative in FeeManager #245
Description
In the logic of consuming _cr.correction, it assumed new interest is going to larger than _cr.correction, thus the forced conversion to uint256 and setting _cr.correction to 0. If the borrower made huge principal payment in the middle cycle and accumulated big negative _cr.correction and left a tiny balance, the new interest will be very small positive number, not enough to offset the accumulated big negative number, this would lead to overflow.