Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

[H-07] Wrong arithmetic operation to obtain totalSupply() of DebtToken

Summary

The totalSupply() function performs a division of the scaled supply by the usage index but it should instead perform a multiplication.

Vulnerability Details

Dividing to obtain the "non-scaled" value, that is, the value that takes the current index into account, produces unexpected results.
As every other function of the contract shows, and as follows both from the way the _update() function handles token balances and from the index-based design in general, the way to account for the current index relative to the old one is to multiply the previously "scaled" balances by the current index.

Location

Impact

Any function or contract that relies on the totalSupply of the DebtToken will be negatively impacted, because it receives erroneous information and updates its internal state based on it.

Tools Used

Manual review.

Recommendations

Simply replace rayDiv() with rayMul():

return scaledSupply.rayMul(ILendingPool(_reservePool).getNormalizedDebt());
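
The effect of the two operations, as an added Python model that is not the project's contract code: it compares the sum of index-adjusted balances with totalSupply computed by division and by multiplication. The 27-decimal RAY unit with half-up rounding, the scale-down at mint, the class and method names, and all sample amounts and indices are assumptions constructed for illustration.

```python
RAY = 10**27  # assumed 27-decimal fixed-point unit (Aave-style ray math)

def ray_mul(a: int, b: int) -> int:
    """a * b / RAY, rounded half up."""
    return (a * b + RAY // 2) // RAY

def ray_div(a: int, b: int) -> int:
    """a * RAY / b, rounded half up."""
    return (a * RAY + b // 2) // b

class DebtTokenModel:
    """Hypothetical index-based debt token that stores scaled balances only."""
    def __init__(self) -> None:
        self.scaled = {}

    def mint(self, user: str, amount: int, index: int) -> None:
        # Assumed convention: scale the amount down by the index at mint time.
        self.scaled[user] = self.scaled.get(user, 0) + ray_div(amount, index)

    def scaled_supply(self) -> int:
        return sum(self.scaled.values())

    def balance_of(self, user: str, index: int) -> int:
        # Scaled balance multiplied by the current index.
        return ray_mul(self.scaled[user], index)

    def total_supply_reported(self, index: int) -> int:
        # Behaviour described in the finding: division by the index.
        return ray_div(self.scaled_supply(), index)

    def total_supply_recommended(self, index: int) -> int:
        # Recommended form: multiplication by the index.
        return ray_mul(self.scaled_supply(), index)

def demo() -> dict:
    token = DebtTokenModel()
    idx_mint = 11 * RAY // 10  # constructed index 1.10 at borrow time
    idx_now = 12 * RAY // 10   # constructed index 1.20 after interest accrues
    token.mint("alice", 1_000 * 10**18, idx_mint)
    token.mint("bob", 500 * 10**18, idx_mint)
    owed = sum(token.balance_of(u, idx_now) for u in ("alice", "bob"))
    return {"sum_of_balances": owed,
            "reported": token.total_supply_reported(idx_now),
            "recommended": token.total_supply_recommended(idx_now)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>16}: {value / 10**18:.4f}")
```

With an index above 1, the divided value falls short of the multiplied one by a factor of the index squared, so the gap widens as interest accrues.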

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
