Submission Details
Severity:
DebtToken::totalSupply() returns incorrect value
Description
Inside DebtToken.sol, the totalSupply() function ought to be:
File: contracts/core/tokens/DebtToken.sol
232: function totalSupply() public view override(ERC20, IERC20) returns (uint256) {
233: uint256 scaledSupply = super.totalSupply();
- 234: return scaledSupply.rayDiv(ILendingPool(_reservePool).getNormalizedDebt());
+ 234: return scaledSupply.rayMul(ILendingPool(_reservePool).getNormalizedDebt());
235: }
This is because the overridden _update() function stores the values in a scaled manner by using rayDiv. Hence we need the inverse operation rayMul inside totalSupply():
File: contracts/core/tokens/DebtToken.sol
256: function _update(address from, address to, uint256 amount) internal virtual override {
257: if (from != address(0) && to != address(0)) {
258: revert TransfersNotAllowed(); // Only allow minting and burning
259: }
260:
261:@-------> uint256 scaledAmount = amount.rayDiv(ILendingPool(_reservePool).getNormalizedDebt());
262: super._update(from, to, scaledAmount);
263: emit Transfer(from, to, amount);
264: }
Impact
Can lead to potential issues with any external integrations that might rely on totalSupply(), which is a critical function.
Mitigation
As mentioned in the "Description" section above.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.