borrowers have to pay more interest than expected when borrowers borrow 2nd/3rd etc time after borrowing 1st time.
Summary
when a user borrows 1st time the borrowed amount is divided by reserve.usageIndex and the output amount of this division is minted as debt tokens to the borrower. When this user borrows 2nd time, previous debt tokens accrued interest is minted to the borrower but previous debt token is not adjusted/reduced based on current reserve.usageIndex(only new borrowed amount is divided by current reserve.usageIndex and the output amount is minted to borrower). As a result, when the user repay debt , the previous debt tokens(1st time borrow) interest will be again accounted for from previous(during 1st time borrowing reserve.usageIndex) reserve.usageIndex , so the user has to pay more interest than expected.
Vulnerability Details
1. Let’s assume, currently reserve.usageIndex = 1.1e27(this is just for example) and alice borrows 100 crvUSD from lendingpool, so alice gets 100/1.1 = 90.9 debt tokens and _userState[alice].index for alice in debt token is set to 1.1e27.
2. afterthat, reserve.usageIndex becomes 1.2e27 and alice again borrows 100 crvUSD from lendingpool. See function mint(DebtToken.sol) where alice’s balanceIncrease = 90.9*1.2 - 90.9*1.1 = 109 - 100 = 9. So amountToMint = 100+9 = 109 and 109/1.2 = 90.8 debt token is minted to alice. As alice’s previous 90.9 debt token’s interest 9 (from 1.1 to 1.2) is accounted,so for previous borrowed 100 crvUSD alice debt token should be 100/1.2 = 83.3. As for previous borrowed 100 crvUSD, alice debt token is not reduced to 100/1.2 = 83.3, so again alice has to pay interest from 1.1 for previous 90.9 debt token(here interest should be paid from 1.2).
3. afterthat, reserve.usageIndex becomes 1.3e27. Currently alice’s total debt tokens = 90.9+90.8 = 181.7, so alice total debt = 90.9*1.3+90.8*1.3 = 1.3*181.7 = 236.2, now if alice want to repay full debt,she has to repay 236.2, but alice’s real full debt is (100/1.1)*1.3+(100/1.2)*1.3 = (90.9+83.3)*1.3 =174.2*1.3 = 226.4, so Alice has to pay 10 more tokens.
\
Impact
** borrowers have to pay more interest than expected.Borrowers have to pay more than more than their actual owed amount.**
Tools Used
manual review
Recommendations
when calculating amountToMint in the mint function(DebtToken.sol), don’t add balanceIncrease with amount.
Lead Judging Commences
DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.