Incorrect Utilization Rate Calculation in `updateInterestRatesAndLiquidity`
Summary
The function updateInterestRatesAndLiquidity in ReserveLibrary is called after each transaction in LendingPool. However, it incorrectly calculates the utilization rate using old values instead of the newly calculated ones. This leads to inaccurate interest rate calculations, potentially causing fund loss for some users.
Vulnerability Details
The function calculates computedDebt and computedLiquidity based on current indexes but when calculating the utilization rate, it still relies on the old values instead of using the newly computed ones:
Impact
When no new liquidity or debt is added or removed, reserve.totalLiquidity and reserve.totalUsage remain unchanged, while the actual debt and liquidity amounts increase due to interest rate accrual. Over time this discrepancy grows larger, causing the next user to receive a highly inaccurate utilization rate. As a result, the borrowing and liquidity rates will be significantly miscalculated.
Borrowers and lenders will experience inaccurate interest rates.
Tools Used
vscode
Recommendations
Lead Judging Commences
ReserveLibrary calculates computedDebt and computedLiquidity but never uses them, leading to stale totalUsage and totalLiquidity values in utilization rate calculations
ReserveLibrary calculates computedDebt and computedLiquidity but never uses them, leading to stale totalUsage and totalLiquidity values in utilization rate calculations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.