Repay event is emitted with wrong value
Summary
At the end of repay function there is an event informing how much tokens were repaid, but because of wrong calculations it returns incorrect amount.
Vulnerability Details
The limit is userScaledDebt, which is wrong because the actual limit should be userDebt.
It will be easiest to show this with an example:
user borrows 1000 tokens at index 1, his userScaledDebt is equal to 1000
usageIndex goes up to 1.1, so he owns 1100 now
user repays, he enters 1100
line 7: balanceOf returns 1100 (because it multiplies 1000 by index which is 1.1 now)
line 8: 1100 / 1.1 = 1000
line 11: actualRepayAmount = 1000
lines 15: event emitts 1000, when user actually paid 1100
Impact
Event with inaccurate information is emitted.
Tools Used
Manual Review
Recommendations
The best would be to log amountScaled, because this is the actual amount of tokens send by the user to the protocol
Lead Judging Commences
LendingPool::_repay emits Repay event with capped actualRepayAmount instead of the real amountScaled value that was transferred, causing misleading event data
LendingPool::_repay emits Repay event with capped actualRepayAmount instead of the real amountScaled value that was transferred, causing misleading event data
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.