the function repay will revert due to underflow if a user borrows 2nd time after borrowing 1st time and then if the user repays the full debt.
Summary
** when a user borrows 1st time , the borrowed amount is divided by reserve.usageIndex and the output is added to user.scaledDebtBalance, also the output amount is minted as debt token to the borrower. When the user borrows 2nd time , again the new borrowed amount is divided by reserve.usageIndex and the output is added to user.scaledDebtBalance. But during 2nd time borrowing, new borrowed amount + balanceIncrease(interest accrued) is divided by reserve.usageIndex and the output amount is minted as debt tokens to the borrower. Now the user’s debt token total balance is bigger than user.scaledDebtBalance. Now when the user repays the full debt , then amountScaled = amount.rayDiv(index) i.e user total debt token balance is returned as amountBurned in the _repay function. Afterthat, amountBurned is subtracted from user.scaledDebtBalance which will revert due to underflow because amountBurned is bigger than user.scaledDebtBalance.**
Vulnerability Details
1. Let’s assume, currently reserve.usageIndex = 1.1e27(this is just for example) and alice borrows 100 crvUSD from lendingpool, so alice gets 100/1.1 = 90.9 debt tokens and _userState[alice].index for alice in debt token is set to 1.1e27. Alice’s user.scaledDebtBalance is set to 100/1.1 = 90.9 in the borrow function(lendingpool),
2. afterthat, reserve.usageIndex becomes 1.2e27 and alice again borrows 100 crvUSD from lendingpool. See function mint(DebtToken.sol) where alice’s balanceIncrease = 90.9*1.2 - 90.9*1.1 = 109 - 100 = 9. So amountToMint = 100+9 = 109 and 109/1.2 = 90.8 debt token is minted to alice. Alice’s user.scaledDebtBalance is updated to 90.9+100/1.2 = 174.2 in the borrow function(lendingpool).
3. afterthat, reserve.usageIndex becomes 1.3e27. Currently alice’s total debt tokens = 90.9+90.8 = 181.7, so alice total debt = 90.9*1.3+90.8*1.3 = 1.3*181.7 = 236.2, now if alice want to repay full debt,she has to repay 236.2,
4. alice calls the function repay with 236.2 amount to repay full debt which calls function _repay where debt token’s burn function is called where amountScaled = 236.2/1.3 = 181.6, now amountScaled 181.6 is returned as amountBurned in the _repay function. Alice’s user.scaledDebtBalance is 174.2. Now amountBurned is subtracted from user.scaledDebtBalance i.e user.scaledDebtBalance -= amountBurned i.e 174.2 - 181.6 = -7.4 which will revert due to underflow.
**
**
Impact
function repay will revert due to underflow and if the users can’t repay, their position may be liquidated without their intentions.
Tools Used
manual review
Recommendations
** add balanceIncrease(interest accrued) by scaling to the user.scaledDebtBalance, when users borrows after 1st time. **
Lead Judging Commences
DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.