Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Incorrect scaling when minting DebtToken

topstar

Summary

The amountToMint should be calculated using amountScaled instead of amount to ensure that the minting process correctly reflects the interest accrued. Using amount directly would ignore the scaling factor, leading to incorrect debt token balances. amountScaled represents the amount of debt tokens to be minted, scaled by the usage index. This scaling is necessary to account for the interest accrued over time, which is represented by the usage index.

Vulnerability Details

The usage index represents the cumulative interest accrued over time. It scales the debt balances to account for this interest. When minting debt tokens, the amount needs to be scaled by dividing it by the current usage index. This ensures that the debt tokens minted reflect the correct amount of debt, including the interest accrued.

Code Snippet

DebtToken.sol

[contracts/core/tokens/DebtToken.sol]

136 function mint(

137 address user,

138 address onBehalfOf,

139 uint256 amount,

140 uint256 index

141 ) external override onlyReservePool returns (bool, uint256, uint256) {

142 if (user == address(0) || onBehalfOf == address(0)) revert InvalidAddress();

143 if (amount == 0) {

144 return (false, 0, totalSupply());

145 }

146

147 uint256 amountScaled = amount.rayDiv(index);

148 if (amountScaled == 0) revert InvalidAmount();

149

150 uint256 scaledBalance = balanceOf(onBehalfOf);

151 bool isFirstMint = scaledBalance == 0;

152

153 uint256 balanceIncrease = 0;

154 if (_userState[onBehalfOf].index != 0 && _userState[onBehalfOf].index < index) {

155 balanceIncrease = scaledBalance.rayMul(index) - scaledBalance.rayMul(_userState[onBehalfOf].index);

156 }

157

158 _userState[onBehalfOf].index = index.toUint128();

159

160 uint256 amountToMint = amount + balanceIncrease; // @audit - amountToMint should be calculated using amountScaled instead of amount (uint256 amountToMint = amountScaled + balanceIncrease;)

161

162 _mint(onBehalfOf, amountToMint.toUint128());

163

164 emit Transfer(address(0), onBehalfOf, amountToMint);

165 emit Mint(user, onBehalfOf, amountToMint, balanceIncrease, index);

166

167 return (scaledBalance == 0, amountToMint, totalSupply());

168 }

Impact

Debt tokens minted do not reflect the correct amount of debt, including the interest accrued.

Recommendations

Use amountScaled instead of amount when calculating amountToMint:

- 160 uint256 amountToMint = amount + balanceIncrease;

+ 160 uint256 amountToMint = amountScaled + balanceIncrease;

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Validated

Assigned finding tags:

DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.