Submission Details
Severity:
Wrong getTotalDeposits returned will affect the utilizationRate calculations
Summary
The getTotalDeposits returned the wrong amount.
Vulnerability Details
The getTotalDeposits returns the total deposits in the pool
* @notice Gets the total deposits in the pool.
* @return Total deposits amount.
*/
function getTotalDeposits() external view returns (uint256) {
return rToken.balanceOf(address(this));
}
the returned value is however wrong as it returns the interest rate of the last update, this will mean that an incorrect value will be returned.
Impact
This will lead to a wrong calculations of the total deposits which will affect the utilizationRate calculations.
Tools Used
Manual review
Recommendations
Update the state during the call to getTotalDeposits by calling the updateState, this will ensure that an accurate total deposits is return and utilization rate will effectively be calculated.
Updates
Lead Judging Commences
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::getUtilizationRate uses stale debt index from LendingPool by not calling updateState() first, leading to incorrect emission rate adjustments
Appeal created
anonymousjoe
about 2 months ago
inallhonesty
about 2 months ago
anonymousjoe
about 2 months ago
inallhonesty
about 2 months ago
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
LendingPool::getNormalizedIncome() and getNormalizedDebt() returns stale data without updating state first, causing RToken calculations to use outdated values
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.