Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Stale Data in DebtToken

Summary

DebtToken.balanceOf scales the account's stored (scaled) balance by the normalized debt index returned by LendingPool.getNormalizedDebt(). That getter returns the last stored index rather than one accrued to the current block, so the reported debt lags the interest that has actually accumulated since the last state update, and users can exploit the lag by timing transactions (repayments, health checks, liquidation attempts) around index updates.

Vulnerability Details

balanceOf multiplies the account's scaled balance by ILendingPool.getNormalizedDebt(). The pool only advances its debt index when its state is updated; the getter does not accrue interest itself, so between updates it returns the old index and every balanceOf result derived from it understates the debt by the interest accrued since lastUpdateTimestamp. Any consumer that reads the debt in a block where nothing has yet triggered an update (a repayment sized from balanceOf, a health-factor check, an off-chain quote) works from the stale figure.

DebtToken.sol#balanceOf

    function balanceOf(address account) public view override(ERC20, IERC20) returns (uint256) {
        uint256 scaledBalance = super.balanceOf(account);
        return scaledBalance.rayMul(ILendingPool(_reservePool).getNormalizedDebt());
    }

Impact

Incorrect debt calculations. Every reader of balanceOf sees under-accrued debt until some transaction triggers an index update. If a repayment or a liquidation check reads the stale value, it settles against (or tests) less than the true debt, and the unaccounted interest is a shortfall borne by the lenders of the pool. The error grows with the time elapsed since the last update and with the interest rate, so it is largest for reserves that see little activity.

Tools Used

Manual review

Recommendations

Ensure LendingPool accrues interest before any state-changing operation that reads or writes debt (borrow, repay, liquidate, withdraw). Because DebtToken.balanceOf is a view, calling updateState() inside those entry points is necessary but not sufficient: the view itself still reports the stored index to any caller that has not just triggered an update. getNormalizedDebt() should therefore compute the index as of block.timestamp from the stored index and lastUpdateTimestamp, using the same accrual formula as updateState(), and updateState() should persist exactly that value. Note that the accrual factor must be 1 (in ray) plus the interest for the elapsed time; multiplying the index by the bare product of rate and timeDelta, as a naive implementation might, would collapse the index instead of growing it.

// In LendingPool.sol
// Accrue the interest earned since lastUpdateTimestamp and store the new index.
// The accrual factor is linear interest for the elapsed time, expressed in ray (1e27),
// so the index never shrinks and a zero elapsed time leaves it unchanged.
// SECONDS_PER_YEAR is assumed to be a constant defined in the pool.
function updateState() public returns (uint256) {
    uint256 timeDelta = block.timestamp - lastUpdateTimestamp;
    if (timeDelta > 0) {
        uint256 interestRate = _calculateInterestRate(); // annual rate, ray-scaled
        uint256 accrualFactor = WadRayMath.RAY + (interestRate * timeDelta) / SECONDS_PER_YEAR;
        _normalizedDebt = _normalizedDebt.rayMul(accrualFactor);
        lastUpdateTimestamp = block.timestamp;
        emit StateUpdated(_normalizedDebt, interestRate);
    }
    return _normalizedDebt;
}

// Every state-changing entry point that touches debt commits the index first
function borrow(uint256 amount) external {
    updateState();
    // Continue with borrow logic
}
function repay(uint256 amount) external {
    updateState();
    // Continue with repay logic
}
function liquidate(address user) external {
    updateState();
    // Continue with liquidation logic
}
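
The following is an added, self-contained example written for this page; it is not RAAC's code. It reproduces the stale read described under Vulnerability Details (a balanceOf that scales by whatever the pool getter returns) next to the two parts of the fix recommended above: a getNormalizedDebt() view that projects the index to block.timestamp without writing, and an updateState() that commits that same projected value before any repayment. DemoPool, DemoDebtToken, ratePerYearRay, mint(), repay() and hiddenInterest() are this example's own names; the Ray library is a minimal stand-in for the project's WadRayMath.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not RAAC's code. All contract and function names are this
// example's own; the "Stale" getter mirrors the behaviour the finding describes.

library Ray {
    uint256 internal constant RAY = 1e27;
    function rayMul(uint256 a, uint256 b) internal pure returns (uint256) {
        return (a * b + RAY / 2) / RAY;
    }
    function rayDiv(uint256 a, uint256 b) internal pure returns (uint256) {
        return (a * RAY + b / 2) / b;
    }
}

contract DemoPool {
    using Ray for uint256;
    uint256 public constant SECONDS_PER_YEAR = 365 days;
    uint256 public ratePerYearRay = 1e26;          // 10% APR, linear accrual, ray-scaled
    uint256 internal _normalizedDebt = Ray.RAY;    // index starts at 1.0
    uint256 public lastUpdateTimestamp;

    constructor() { lastUpdateTimestamp = block.timestamp; }

    // Interest factor for the time elapsed since the last commit, in ray.
    function _accrualFactor() internal view returns (uint256) {
        uint256 dt = block.timestamp - lastUpdateTimestamp;
        return Ray.RAY + (ratePerYearRay * dt) / SECONDS_PER_YEAR;
    }

    // Reproduces the reported behaviour: the stored index, ignoring elapsed time.
    function getNormalizedDebtStale() external view returns (uint256) {
        return _normalizedDebt;
    }

    // Fix for view callers: project the index to block.timestamp without writing.
    function getNormalizedDebt() public view returns (uint256) {
        return _normalizedDebt.rayMul(_accrualFactor());
    }

    // Fix for state-changing callers: commit the projected index first.
    function updateState() public returns (uint256) {
        if (block.timestamp > lastUpdateTimestamp) {
            _normalizedDebt = getNormalizedDebt();
            lastUpdateTimestamp = block.timestamp;
        }
        return _normalizedDebt;
    }
}

contract DemoDebtToken {
    using Ray for uint256;
    DemoPool public immutable pool;
    mapping(address => uint256) internal _scaled; // principal divided by index at mint

    constructor(DemoPool pool_) { pool = pool_; }

    // Record a borrow: scaled balance = amount / committed index.
    function mint(address to, uint256 amount) external {
        uint256 index = pool.updateState();
        _scaled[to] += amount.rayDiv(index);
    }

    // As in the finding: scaled balance times whatever the pool getter returns.
    function balanceOfStale(address a) public view returns (uint256) {
        return _scaled[a].rayMul(pool.getNormalizedDebtStale());
    }

    // Same formula with the projected index: what balanceOf should return.
    function balanceOf(address a) public view returns (uint256) {
        return _scaled[a].rayMul(pool.getNormalizedDebt());
    }

    // Interest the stale view hides; nonzero whenever time passed since updateState().
    function hiddenInterest(address a) external view returns (uint256) {
        return balanceOf(a) - balanceOfStale(a);
    }

    // Repay against the committed index so a borrower cannot settle on stale debt.
    function repay(address from, uint256 amount) external returns (uint256 remaining) {
        uint256 index = pool.updateState();
        uint256 debt = _scaled[from].rayMul(index);
        uint256 paid = amount > debt ? debt : amount;
        _scaled[from] = (debt - paid).rayDiv(index);
        return debt - paid;
    }
}
```

To see the gap in a Hardhat test: deploy DemoPool and DemoDebtToken, call mint(alice, 1000e18), advance the chain 30 days with evm_increaseTime followed by evm_mine, and read both views. balanceOfStale still returns 1000e18, while balanceOf returns about 1008.22e18 (1000 × (1 + 0.1 × 30/365)), so hiddenInterest reports roughly 8.22e18 that a repayment sized from the stale view would never collect. Calling repay(alice, 1000e18) commits the index first and leaves that interest as the remaining debt instead of silently forgiving it.
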
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNormalizedIncome() and getNormalizedDebt() returns stale data without updating state first, causing RToken calculations to use outdated values
