Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Incorrect return value in `ReserveLibrary::getNormalizedDebt` when timeDelta is zero

0xlouistsai

Summary

The ReserveLibrary::getNormalizedDebt function incorrectly returns reserve.totalUsage instead of reserve.usageIndex when timeDelta < 1. This leads to inaccurate calculations for normalized debt, potentially affecting borrowing and repayment logic.

Vulnerability Details

Problem description

The function getNormalizedDebt is designed to calculate the normalized debt based on the reserve’s state.
When timeDelta < 1, the function returns reserve.totalUsage, which is incorrect.
The correct return value should be reserve.usageIndex, as usageIndex represents the normalized debt scaling factor.
This issue can lead to incorrect debt calculations and affect lending protocol operations.

Affected Code in getNormalizedDebt

/**

* @notice Gets the normalized debt of the reserve.

* @param reserve The reserve data.

* @return The normalized debt (in underlying asset units).

function getNormalizedDebt(ReserveData storage reserve, ReserveRateData storage rateData) internal view returns (uint256) {

uint256 timeDelta = block.timestamp - uint256(reserve.lastUpdateTimestamp);

if (timeDelta < 1) {

return reserve.totalUsage; // @audit-issue should return `reserve.usageIndex` not `reserve.totalUsage`

}

return calculateCompoundedInterest(rateData.currentUsageRate, timeDelta).rayMul(reserve.usageIndex);

}

Steps to reproduce

Call getNormalizedDebt when timeDelta < 1.
Observe that the function returns reserve.totalUsage instead of reserve.usageIndex.
Confirm that reserve.usageIndex is the correct scaling factor for normalized debt.

Impact

Inaccurate debt calculations: Borrowers and lenders are affected due to incorrect debt tracking.

Tools Used

Manual Review

Recommendations

Change the return value when timeDelta < 1 to reserve.usageIndex.
Verify that the usageIndex is correctly updated in other parts of the contract.
Test the function to ensure proper calculations of normalized debt.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

getNormalizedDebt returns totalUsage (amount) instead of usageIndex (rate) when timeDelta < 1, breaking interest calculations across the protocol

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

getNormalizedDebt returns totalUsage (amount) instead of usageIndex (rate) when timeDelta < 1, breaking interest calculations across the protocol

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.