Improper Debt Scaling in `mint` Function Can Cause Debt Inflation and System Instability
The mint function is responsible for issuing new debt tokens, ensuring that a borrower’s debt balance is accurately tracked while incorporating interest accrual via a usage index. However, the function incorrectly scales debt amounts due to improper order of operations when calculating amountToMint. Specifically, the function calculates amountScaled using amount.rayDiv(index), but then adds an unscaled balanceIncrease directly to amountToMint, leading to an overestimation of debt issuance. Below is the relevant code snippet:
This results in amountToMint being larger than it should be, meaning that:
More debt tokens are minted than the borrower actually borrowed.
The borrower’s recorded debt becomes inflated, leading to incorrect accounting of total outstanding debt.
Over time, the protocol accumulates unintended excess debt, increasing systemic risk.
Impact
Debt balances become overestimated, leading to inflation of the total supply of debt tokens.
Mitigation
Ensure amountToMint correctly accounts for scaling by applying rayDiv(index) consistently to both amount and balanceIncrease before summing them.
Lead Judging Commences
DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.