The totalSupply() function in the DebtToken contract incorrectly calculates the total supply by using rayDiv instead of rayMul to adjust the scaledSupply with the normalized debt. This discrepancy leads to an incorrect total supply value, affecting the protocol's accounting and overall financial integrity.
Incorrect use of rayDiv instead of rayMul.
The function should multiply the scaledSupply by the normalized debt using rayMul to derive the correct total supply.
Actual Behavior:
The function divides the scaledSupply by the normalized debt using rayDiv, resulting in an incorrect total supply value.
Incorrect Total Supply:
The total supply returned by the function will be significantly lower than the actual value, as division reduces the scaled supply again instead of scaling it up.
Accounting Errors:
Incorrect total supply calculations lead to inconsistencies in the protocol's financial accounting, making it difficult to track the actual token supply and user balances.
This two-part will be affected, and the total usage of the reserve will be incorrectly set, impacting all financial operations like borrowIndex.
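A small Python model of the scaled-balance accounting described above, added here as an illustration and not taken from the DebtToken contract. The class, user names, amounts and index values are constructed assumptions, and the ray helpers assume 27-decimal fixed point with half-up rounding. It compares the sum of user balances with the supply reported by the rayDiv and rayMul variants.

```python
RAY = 10**27          # 27-decimal fixed point (assumed ray unit)
HALF_RAY = RAY // 2

def ray_mul(a, b):
    """Multiply by a ray-scaled value, rounding half up."""
    return (a * b + HALF_RAY) // RAY

def ray_div(a, b):
    """Divide by a ray-scaled value, rounding half up."""
    return (a * RAY + b // 2) // b

class DebtTokenModel:
    """Hypothetical scaled-balance debt token, not the audited contract."""
    def __init__(self):
        self.scaled = {}          # user -> scaled balance
        self.scaled_supply = 0

    def mint(self, user, amount, index):
        # Debt is stored divided by the normalized debt at mint time.
        s = ray_div(amount, index)
        self.scaled[user] = self.scaled.get(user, 0) + s
        self.scaled_supply += s

    def balance_of(self, user, index):
        return ray_mul(self.scaled.get(user, 0), index)

    def total_supply_buggy(self, index):
        return ray_div(self.scaled_supply, index)   # divides a second time

    def total_supply_fixed(self, index):
        return ray_mul(self.scaled_supply, index)   # scales back up

def supply_gap(token, index, total_fn):
    """Sum of user balances minus the reported total supply."""
    owed = sum(token.balance_of(u, index) for u in token.scaled)
    return owed - total_fn(index)

def demo():
    # Constructed sample values: two borrowers, index growing 1.0 -> 1.2.
    t = DebtTokenModel()
    t.mint("alice", 1_000 * 10**18, RAY)
    t.mint("bob", 500 * 10**18, 11 * RAY // 10)
    now = 12 * RAY // 10
    return (supply_gap(t, now, t.total_supply_buggy),
            supply_gap(t, now, t.total_supply_fixed))

if __name__ == "__main__":
    buggy, fixed = demo()
    print("gap with rayDiv:", buggy, "gap with rayMul:", fixed)
```

An invariant of this form (total supply equals the sum of balances, within rounding) is the check that exposes the rayDiv variant in a test suite.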
To fix this issue, the totalSupply() function should be updated to use rayMul instead of rayDiv. Here is the corrected code: