The `burn` function of the DebtToken contract burns an incorrect amount of debt tokens. The input argument `amount` is in terms of asset tokens, so `amountScaled` would be the corresponding debt token amount.
Instead of burning `amountScaled`, the function burns `amount`, causing a loss of funds to the protocol.
The `burn` function improperly uses raw amount instead of scaled debt amount (`amountScaled`) when burning debt tokens:
Whenever users repay their debt in partial amounts, this over-burns DebtTokens (if interest has accrued, index > 1), which causes a loss of funds to the protocol.
Users will pay less debt than they owe. This can be exploited by malicious attackers to steal funds from the protocol.
Manual review
Burn `amountScaled` instead of `amount`.
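
The over-burn described above, worked through with numbers in a simplified Python model of scaled-balance accounting. This is an added example, not the DebtToken contract's code; the class and function names, the 1e27 ray fixed-point unit, and the sample figures are assumptions.

```python
RAY = 10**27  # assumed fixed-point unit for the interest index (index 1.0 == RAY)
WAD = 10**18  # assumed token decimals for the constructed sample amounts


def ray_div(a: int, b: int) -> int:
    """a / b in ray precision, rounded half up."""
    return (a * RAY + b // 2) // b


def ray_mul(a: int, b: int) -> int:
    """a * b in ray precision, rounded half up."""
    return (a * b + RAY // 2) // RAY


class DebtTokenModel:
    """Hypothetical model: balances are stored scaled; debt = scaled * index."""

    def __init__(self) -> None:
        self.index = RAY
        self.scaled: dict[str, int] = {}

    def mint(self, user: str, amount: int) -> None:
        self.scaled[user] = self.scaled.get(user, 0) + ray_div(amount, self.index)

    def debt_of(self, user: str) -> int:
        return ray_mul(self.scaled.get(user, 0), self.index)

    def burn(self, user: str, amount: int, use_scaled: bool) -> int:
        amount_scaled = ray_div(amount, self.index)  # asset units -> debt token units
        # use_scaled=False reproduces the reported behaviour: `amount` is burned.
        burned = amount_scaled if use_scaled else amount
        self.scaled[user] -= burned
        return burned


def remaining_debt_after_partial_repay(use_scaled: bool) -> int:
    """Borrow 100, let the index grow to 1.1 (debt 110), repay 55, return debt left."""
    token = DebtTokenModel()
    token.mint("borrower", 100 * WAD)
    token.index = 11 * RAY // 10
    token.burn("borrower", 55 * WAD, use_scaled)
    return token.debt_of("borrower")


if __name__ == "__main__":
    fixed = remaining_debt_after_partial_repay(use_scaled=True)
    buggy = remaining_debt_after_partial_repay(use_scaled=False)
    print("remaining debt, burning amountScaled:", fixed / WAD)
    print("remaining debt, burning amount:      ", buggy / WAD)
    print("debt written off without payment:    ", (fixed - buggy) / WAD)
```

The gap between the two results is the debt erased without a matching repayment, and it grows with both the index and the repaid amount.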