Submission Details
Severity:
Total supply in the debt token is wrong.
Summary
The totalSupply function divided the scaled total supply by the usage index instead of multiplying it, causing the total supply to be incorrect.
Vulnerability Details
The totalSupply function in the debt token divides the scaled total supply, as we can see:
function totalSupply() public view override(ERC20, IERC20) returns (uint256) {
uint256 scaledSupply = super.totalSupply();
return scaledSupply.rayDiv(ILendingPool(_reservePool).getNormalizedDebt());
}
This differs from the expected behavior of the debt token, which should multiply it, as seen in the balanceOf function.
function balanceOf(address account) public view override(ERC20, IERC20) returns (uint256) {
uint256 scaledBalance = super.balanceOf(account);
return scaledBalance.rayMul(ILendingPool(_reservePool).getNormalizedDebt());
}
Impact
This discrepancy breaks the protocol’s calculations by resulting in an incorrect total supply.
Tools Used
manual review
Recommendations
refactor the totalSupply function to multiply the total supply.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.