Incorrect Usage Rate Calculation Due to Faulty Debt Total Supply Formula
Summary
A miscalculation in the total borrow amount leads to an incorrect utilization rate and usage rate. The totalSupply function incorrectly divides scaledSupply by usageIndex instead of multiplying by it, resulting in an underestimation of the total debt amount.
Impact
The miscalculation affects totalUsage, which is used in determining utilization rate.
Utilization rate directly impacts interest rate calculations, leading to incorrect borrowing and lending rates.
Affected Code
Attack Scenario
A user borrows a significant amount, increasing the debt.
The system underestimates the total debt amount due to incorrect division.
Utilization rate appears lower than it actually is, leading to artificially low borrowing rates.
The attacker benefits from lower interests.
Recommended Fix
Modify the totalSupply function to correctly multiply by usageIndex instead of dividing:
This ensures proper tracking of the total debt, leading to accurate utilization and interest rate calculations.
Lead Judging Commences
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.