Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Incomplete burn calculation – accrued interest not included

Summary

In the DebtToken.sol contract, the burn function contains a bug where the accrued interest (represented by balanceIncrease) is calculated but never added to the burn amount. This omission allows borrowers to effectively repay their loans without covering the full interest accrued, undermining the protocol’s debt accounting and revenue model.

Vulnerability Details

Within the burn function, the following code snippet is intended to adjust the repayment amount by incorporating accrued interest:

    if (_userState[from].index != 0 && _userState[from].index < index) {
        uint256 borrowIndex = ILendingPool(_reservePool).getNormalizedDebt();
        balanceIncrease = userBalance.rayMul(borrowIndex) - userBalance.rayMul(_userState[from].index);
        amount = amount; //@audit balanceIncrease is not added
    }

  • The variable balanceIncrease calculates the additional debt due to interest accrual.

  • However, instead of adding balanceIncrease to amount, the code leaves amount unchanged.

  • As a result, when _burn is executed, it burns only the original amount rather than the intended amount + balanceIncrease.

Impact

  • Under-Repayment of Debt:
    Borrowers may repay only the principal portion of their debt, effectively avoiding the full payment of accrued interest. This creates an incentive for users to exploit the discrepancy and reduce their overall repayment obligations.

  • Revenue Loss for the Protocol:
    Interest represents a critical component of the protocol’s revenue. By not accounting for the accrued interest during burn operations, the protocol loses expected revenue, potentially affecting its sustainability.

  • Inaccurate Debt Accounting:
    The inconsistency between interest accrual and burn calculations may lead to discrepancies in user balances and the total debt supply. This undermines the financial integrity and trustworthiness of the protocol.

Tools Used

Manual Code Review

Recommendations

Correct the Burn Calculation:

Update the burn logic to include the accrued interest in the amount to be burned. For example:

    if (_userState[from].index != 0 && _userState[from].index < index) {
        uint256 borrowIndex = ILendingPool(_reservePool).getNormalizedDebt();
        balanceIncrease = userBalance.rayMul(borrowIndex) - userBalance.rayMul(_userState[from].index);
        amount = amount + balanceIncrease; // Include accrued interest in the burn amount
    }

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

DebtToken::burn calculates balanceIncrease (interest) but never applies it, allowing borrowers to repay loans without paying accrued interest

Interest IS applied through the balanceOf() mechanism. The separate balanceIncrease calculation is redundant/wrong. Users pay full debt including interest via userBalance capping.
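
The judge's reasoning, worked through as an added example that is not RAAC's code and not part of the submission: a simplified Python model which assumes debt is stored in index-scaled units (balance = scaled amount × index) and that burn caps the amount at the current balance. The class, function names and figures are constructed for illustration.

```python
RAY = 10**27  # 27-decimal fixed point, the unit behind rayMul / rayDiv

def ray_mul(a: int, b: int) -> int:
    return (a * b + RAY // 2) // RAY  # round half up

def ray_div(a: int, b: int) -> int:
    return (a * RAY + b // 2) // b  # round half up

class ScaledDebt:
    """Assumed model: debt is stored in scaled units; balance = scaled * index."""

    def __init__(self) -> None:
        self.scaled = {}

    def balance_of(self, user: str, index: int) -> int:
        # Interest shows up here: the same scaled amount is worth more as index grows.
        return ray_mul(self.scaled.get(user, 0), index)

    def mint(self, user: str, amount: int, index: int) -> None:
        self.scaled[user] = self.scaled.get(user, 0) + ray_div(amount, index)

    def burn(self, user: str, amount: int, index: int, extra: int = 0) -> int:
        """Burn amount (+ extra), capped at the current balance. Returns debt removed."""
        owed = self.balance_of(user, index)
        burned = min(amount + extra, owed)  # the cap at the user's balance
        self.scaled[user] -= min(ray_div(burned, index), self.scaled[user])
        return burned

def scenario(repay: int, add_interest_on_top: bool) -> tuple:
    """Borrow 1000 at index 1.0, repay at index 1.1. Returns (debt removed, debt left)."""
    unit = 10**18
    idx_borrow, idx_now = RAY, 11 * RAY // 10
    debt = ScaledDebt()
    debt.mint("alice", 1000 * unit, idx_borrow)
    # Interest figure of this model (constructed): balance now minus principal.
    accrued = debt.balance_of("alice", idx_now) - 1000 * unit
    extra = accrued if add_interest_on_top else 0
    removed = debt.burn("alice", repay * unit, idx_now, extra)
    return removed // unit, debt.balance_of("alice", idx_now) // unit

if __name__ == "__main__":
    print(scenario(2000, False))  # full repayment, amount capped at the balance
    print(scenario(500, False))   # partial repayment, amount left unchanged
    print(scenario(500, True))    # partial repayment with interest added on top
```

In this model the capped full repayment removes the whole 1100 owed, interest included, while adding the interest term on top of a 500 repayment removes 600 of debt.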
