The `burn()` function does NOT `mint` `balanceIncrease`
Summary
Function burn() in debtToken, while computing balanceIncrease does not mint such increase in tokens. This increase represents accumulated interest which the user is supposed to pay, so they should be increased like they did in the mint() function.
Vulnerability Details
Consider looking into the mint() function mint(), you'll find that the balanceIncrease is added to the amount, while it is correct incase of minting tokens, but when burning tokens, the function burn() simply does NOT do anything with the balanceIncrease i.e. burn()
As the balanceIncrease represents accumulated interest due to difference in usage index, it should be minted to the user.
Impact
Tokens representing accumulated interest are not minted to the Users
Tools Used
Manual
Recommendations
Consider adding this instead:
Lead Judging Commences
DebtToken::burn calculates balanceIncrease (interest) but never applies it, allowing borrowers to repay loans without paying accrued interest
Interest IS applied through the balanceOf() mechanism. The separate balanceIncrease calculation is redundant/wrong. Users pay full debt including interest via userBalance capping.
DebtToken::burn calculates balanceIncrease (interest) but never applies it, allowing borrowers to repay loans without paying accrued interest
Interest IS applied through the balanceOf() mechanism. The separate balanceIncrease calculation is redundant/wrong. Users pay full debt including interest via userBalance capping.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.