The _repay
function handles debt repayment in the smart contract, updating the reserve state and reducing the debt of a specified user. However, there is a critical issue in the calculation of actualRepayAmount
, which could lead to incorrect debt repayments.
Issue: Incorrect Calculation of actualRepayAmount
Currently, the function calculates the repayable amount using:
This is incorrect because userScaledDebt is derived using rayDiv(reserve.usageIndex), meaning it represents a scaled value, not the actual debt amount.
Users will pay more than necessary, leading to discrepancies in the reserve and user balances
Manual code review
That amount is not actually used.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.