Wrong calculation of utilization rate in RAACMinter.sol makes the emission rate equals maxRate at all time.
Summary
The RAACMinter mints RAACTokens based on the utilization rate (ratio of totalBorrowed to totalStaked), but it wrongly calculates the utilization rate, causing the minter to mint at max emission rate.
Vulnerability Details
Before calculating the emission rate in calculateNewEmissionRate(), the function gets the utilization rate in getUtilizationRate(), but the function uses the usageIndex(borrowRate) and total staked in the stabilityPool, to get the utilization rate.
Since usageIndex is in RAY(1e27) and the staked RTokens is in 18 decimals, this will make the utilization rate 100 until ~1,000,000,000 RTokens are staked. The usage index is always growing, so it is more likely for the utilization rate to be 100 than for it to come down.
Impact
Emission rate will climb to 100% at a 5% rate and stay there til ~1,000,000,000 RTokens are staked, which means at least 1 Billion crvUSD deposited and everyone staked their RTokens.
Tools Used
Manual Review
Recommendations
If the developers want to compare the ration of total borrowed and total staked, import DebtToken and WadRayMath library to the contract, and get the borrowed amount + interest by calling rayMul on totalSupply of debtToken and current usageIndex.
Lead Judging Commences
RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics
RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.