Incorrect Handling of Accrued Interest in DebtToken Burn Function
Summary
The DebtToken contract’s burn function is designed to account for accrued interest via a variable called balanceIncrease. However, the current implementation does not subtract balanceIncrease from the repayment amount (amount), resulting in an under-accounting of the borrower’s total debt. This issue can lead to inaccuracies in debt repayment and affect the overall accounting of accrued interest.
Vulnerability Details
Within the burn function, the contract calculates balanceIncrease as the difference between the user’s current debt (scaled with the updated index) and the previous debt value. This represents the accrued interest since the last update. Ideally, this accrued interest should be subtracted from the amount provided for the burn operation. However, the following line is present in the code:
This self-assignment does nothing, meaning that the accrued interest (balanceIncrease) is not deducted from the amount. As a result, the burn function does not fully account for the increased debt due to accrued interest, potentially leaving the user burning more amount than needed as debt not taken into account.
Why balanceIncrease is Needed:
• Accrued Interest Representation: balanceIncrease captures the additional debt incurred due to interest accrual since the last update. It ensures that any debt repayment reflects both the original principal and the interest that has accumulated.
• Accurate Debt Repayment: For proper debt accounting, borrowers should repay both their principal and the accrued interest. By not subtracting balanceIncrease from the repayment amount, the function fails to reduce the debt accurately, which may lead to discrepancies in the borrower’s debt balance.
Impact
• Inaccurate Debt Accounting: Borrowers may end up repaying more than their full debt obligation, leading to a mismatch in the system’s debt records.
• Financial Imbalance: Inaccurate handling of accrued interest can disrupt the protocol’s economic model by allowing overpayment of debts.
• Protocol Disadvantage: Users may inadvertently repay more than what is owed, potentially resulting in unexpected future liabilities or interest accrual.
Tools Used
Manual audit
Recommendations
• Subtract Accrued Interest: Update the burn function to properly deduct balanceIncrease from the amount before executing the burn logic. For example:
Lead Judging Commences
DebtToken::burn calculates balanceIncrease (interest) but never applies it, allowing borrowers to repay loans without paying accrued interest
Interest IS applied through the balanceOf() mechanism. The separate balanceIncrease calculation is redundant/wrong. Users pay full debt including interest via userBalance capping.
DebtToken::burn calculates balanceIncrease (interest) but never applies it, allowing borrowers to repay loans without paying accrued interest
Interest IS applied through the balanceOf() mechanism. The separate balanceIncrease calculation is redundant/wrong. Users pay full debt including interest via userBalance capping.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.