Incorrect calculation in LendingPool.sol
Summary
The _repay function handles debt repayment in the smart contract, updating the reserve state and reducing the debt of a specified user. However, there is a critical issue in the calculation of actualRepayAmount, which could lead to incorrect debt repayments.
Vulnerability Details
Issue: Incorrect Calculation of actualRepayAmount
Currently, the function calculates the repayable amount using:
This is incorrect because userScaledDebt is derived using rayDiv(reserve.usageIndex), meaning it represents a scaled value, not the actual debt amount.
Impact
Users will pay more than necessary, leading to discrepancies in the reserve and user balances
Tools Used
Manual code review
Recommendations
Lead Judging Commences
LendingPool::_repay caps actualRepayAmount at userScaledDebt instead of userDebt, preventing users from repaying full debt with interest in one transaction
That amount is not actually used.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.