Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

RAACMinter utilization calculation is completely broken due to wrong values and decimal mismatch

shui

Summary

The getUtilizationRate() function in RAACMinter has multiple critical issues:

Uses usage index (ray 27 decimals) instead of actual borrowed amount
Uses StabilityPool deposits instead of LendingPool deposits
Has decimal mismatches in calculations

Vulnerability Details:

In RAACMinter, getUtilizationRate() attempts to calculate the protocol's utilization rate but uses incorrect values, according to the doc it should use the lending pool to get the system utilization.

function getUtilizationRate() internal view returns (uint256) {

uint256 totalBorrowed = lendingPool.getNormalizedDebt(); // @audit WRONG: returns usage index (27 decimals) instead of total borrowed

uint256 totalDeposits = stabilityPool.getTotalDeposits(); // @audit WRONG: uses stability pool instead of lending pool deposits

if (totalDeposits == 0) return 0;

return (totalBorrowed * 100) / totalDeposits;

}

The issues are:

getNormalizedDebt() returns the usage index (27 decimals) instead of actual borrowed amount:

// LendingPool.sol

function getNormalizedDebt() external view returns (uint256) {

return reserve.usageIndex; // Returns normalization index, not total debt!

}

Uses StabilityPool deposits when it should use LendingPool's reserve.totalLiquidity for utilization calculation

Even if correct values were used, there's a decimal mismatch in the calculation

This broken utilization is then used in calculateNewEmissionRate():

function calculateNewEmissionRate() internal view returns (uint256) {

uint256 utilizationRate = getUtilizationRate(); // Completely wrong value

uint256 adjustment = (emissionRate \* adjustmentFactor) / 100;

if (utilizationRate > utilizationTarget) { // Will be incorrect comparison

uint256 increasedRate = emissionRate + adjustment;

uint256 maxRate = increasedRate > benchmarkRate ? increasedRate : benchmarkRate;

return maxRate < maxEmissionRate ? maxRate : maxEmissionRate;

}

...

Impact:

Protocol's emission rate adjustment mechanism is completely broken
Utilization calculation uses wrong pool deposits
Uses index value instead of actual borrowed amount
Mismatched decimals in calculations
Could lead to incorrect emission rates
Core protocol tokenomics rendered ineffective

Tools Used:
Manual Review

Recommendations:

Use the calculateUtilizationRate from the ReserveLibrary

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!