Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

The computation of `balanceIncrease` in `mint()` is incorrect

Summary

In the `mint()` function, the `scaledBalance` variable is fetched from `balanceOf()`, which returns an UNSCALED balance. The code nevertheless treats it as SCALED, which leads to a wrong `balanceIncrease` and therefore to minting the WRONG number of tokens.

Vulnerability Details

The `mint()` function computes the amount of debt tokens to be minted to the user. When the user borrows for the second time, it computes `balanceIncrease` to account for the interest accumulated between the previous borrow and the current borrow, i.e. in `mint()`:

```solidity
uint256 scaledBalance = balanceOf(onBehalfOf);
uint256 balanceIncrease = 0;
if (_userState[onBehalfOf].index != 0 && _userState[onBehalfOf].index < index) {
    balanceIncrease = scaledBalance.rayMul(index) - scaledBalance.rayMul(_userState[onBehalfOf].index);
}
```

However, using the `scaledBalance` variable to compute `balanceIncrease` is wrong here.
The reason is that the call to `balanceOf` returns an unscaled balance instead of a scaled one, i.e. in `balanceOf`:

```solidity
function balanceOf(address account) public view override(ERC20, IERC20) returns (uint256) {
    uint256 scaledBalance = super.balanceOf(account);
    return scaledBalance.rayMul(ILendingPool(_reservePool).getNormalizedDebt());
}
```

Inside `balanceOf`, the stored `scaledBalance` is multiplied by the latest usage index, so the returned value is an unscaled amount. This defeats the purpose of calculating `balanceIncrease`, because `mint()` later multiplies the same value by the usage index again.

The issue is caused by the wrong call to `balanceOf`; `mint()` should instead have called the `scaledBalanceOf()` function to fetch the correct `scaledBalance`.
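A numeric model of the two computations, added here as an illustration and not taken from the contract or the submission. It assumes half-up rounding in `rayMul` (Aave-style) and that `getNormalizedDebt()` returns the same `index` passed to `mint()`; the balance and index values are constructed.

```python
RAY = 10**27  # 27-decimal fixed-point unit used by rayMul


def ray_mul(a: int, b: int) -> int:
    """Fixed-point multiply, rounding half up (assumed Aave-style rayMul)."""
    return (a * b + RAY // 2) // RAY


def balance_of(stored_scaled: int, normalized_debt: int) -> int:
    """Model of the overridden balanceOf(): stored balance times current index."""
    return ray_mul(stored_scaled, normalized_debt)


def balance_increase(balance: int, user_index: int, index: int) -> int:
    """The balanceIncrease expression from mint(), applied to the balance given."""
    if user_index != 0 and user_index < index:
        return ray_mul(balance, index) - ray_mul(balance, user_index)
    return 0


def compare(stored_scaled: int, user_index: int, index: int) -> tuple[int, int]:
    """Return (increase as mint() computes it, increase from the scaled balance)."""
    # Reported behaviour: balanceOf() already multiplied by the index once.
    buggy = balance_increase(balance_of(stored_scaled, index), user_index, index)
    # Recommended behaviour: start from the stored (scaled) balance.
    fixed = balance_increase(stored_scaled, user_index, index)
    return buggy, fixed


if __name__ == "__main__":
    # Constructed scenario: 100 tokens (18 decimals) borrowed at index 1.0,
    # second borrow happens when the usage index has grown to 1.1.
    stored = 100 * 10**18
    prev_index = RAY
    cur_index = 11 * 10**26

    buggy, fixed = compare(stored, prev_index, cur_index)
    print("balanceIncrease via balanceOf():      ", buggy)   # interest applied twice
    print("balanceIncrease via scaledBalanceOf():", fixed)
    print("overstatement:", buggy - fixed)
```

In this scenario the overstatement equals the correct increase multiplied by the index growth, so the error widens as the index rises.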

Impact

The wrong amount of tokens will be minted to the user.

Tools Used

Manual

Recommendations

Consider replacing the function call with this one:

```solidity
uint256 userBalance = scaledBalanceOf(onBehalfOf);
```

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
