Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Unaccounted Balance Increase in burn

Summary

The burn function calculates balanceIncrease (accrued interest) but does not adjust the amount to burn accordingly. This allows users to repay debt without accounting for accrued interest.

Vulnerability Details

    function burn(
        address from,
        uint256 amount,
        uint256 index
    ) external override onlyReservePool returns (uint256, uint256, uint256, uint256) {
        if (from == address(0)) revert InvalidAddress();
        if (amount == 0) {
            return (0, totalSupply(), 0, 0);
        }
        uint256 userBalance = balanceOf(from);
        uint256 balanceIncrease = 0;
        if (_userState[from].index != 0 && _userState[from].index < index) {
            uint256 borrowIndex = ILendingPool(_reservePool).getNormalizedDebt();
            balanceIncrease = userBalance.rayMul(borrowIndex) - userBalance.rayMul(_userState[from].index);
            amount = amount;
        }
        _userState[from].index = index.toUint128();
        if(amount > userBalance){
            amount = userBalance;
        }
        uint256 amountScaled = amount.rayDiv(index);
        if (amountScaled == 0) revert InvalidAmount();
        _burn(from, amount.toUint128());
        emit Burn(from, amountScaled, index);
        return (amount, totalSupply(), amountScaled, balanceIncrease);
    }

Debt repayment must include both the principal and accrued interest. Ignoring balanceIncrease lets users bypass interest payments.

The burn function calculates balanceIncrease (accrued interest) but does not add it to the user's debt before burning. This allows users to repay debt without covering accrued interest, understating their total obligations.

uint256 balanceIncrease = userBalance.rayMul(borrowIndex) - userBalance.rayMul(_userState[from].index);
_userState[from].index = index.toUint128();
_burn(from, amount.toUint128());

balanceIncrease = interest accrued since the user’s last interaction.

The user’s index is updated to the parameter index (not the current index).

Burns amount without first minting balanceIncrease to the user’s debt.

Impact

Debt repayment must include both the principal and accrued interest. Ignoring balanceIncrease lets users bypass interest payments. Users can strategically repay before interest accrual to minimize costs.

Tools Used

Foundry

Recommendations

Mint balanceIncrease to the user’s scaled balance before burning.

Ensure the burned amount includes both principal and interest.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

DebtToken::burn calculates balanceIncrease (interest) but never applies it, allowing borrowers to repay loans without paying accrued interest

Interest IS applied through the balanceOf() mechanism. The separate balanceIncrease calculation is redundant/wrong. Users pay full debt including interest via userBalance capping.
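The judge's reasoning, as an added numeric model that is not part of the submission or the audited contract: it assumes an Aave-style scaled-balance debt token in which `balanceOf` returns the stored scaled balance multiplied by the current index and a burn removes `amount / index` scaled units. The class, function names and amounts are hypothetical and constructed for illustration.

```python
RAY = 10**27  # 27-decimal fixed point used for the index


def ray_mul(a: int, b: int) -> int:
    """Fixed-point multiply, rounding half up."""
    return (a * b + RAY // 2) // RAY


def ray_div(a: int, b: int) -> int:
    """Fixed-point divide, rounding half up."""
    return (a * RAY + b // 2) // b


class ScaledDebtModel:
    """Hypothetical model of a scaled-balance debt token (assumption)."""

    def __init__(self) -> None:
        self.scaled: dict[str, int] = {}

    def balance_of(self, user: str, index: int) -> int:
        # Interest is embedded here: the stored scaled units grow in
        # value as the index grows, with no separate mint of interest.
        return ray_mul(self.scaled.get(user, 0), index)

    def mint(self, user: str, amount: int, index: int) -> None:
        self.scaled[user] = self.scaled.get(user, 0) + ray_div(amount, index)

    def burn(self, user: str, amount: int, index: int) -> int:
        owed = self.balance_of(user, index)
        amount = min(amount, owed)  # the userBalance cap shown on the page
        self.scaled[user] -= ray_div(amount, index)
        return amount


def repay_scenario(repay_amount: int) -> tuple[int, int, int]:
    """Borrow 100 at index 1.0, repay at index 1.1.

    Returns (owed before repayment, amount burned, debt remaining).
    """
    debt = ScaledDebtModel()
    debt.mint("alice", 100 * 10**18, RAY)
    later = RAY * 11 // 10  # constructed index after interest accrual
    owed = debt.balance_of("alice", later)
    burned = debt.burn("alice", repay_amount, later)
    return owed, burned, debt.balance_of("alice", later)
```

Under these assumptions, repaying only the original 100 leaves 10 of debt outstanding, and clearing the position requires burning the full 110 that `balance_of` reports.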

