Incorrect returns of scaledTotalSupply(); and scaledBalanceOf();
Summary
The functions scaledTotalSupply() and scaledBalanceOf() from IDebtToken contract are expecting to returns the scaled total supply and scaled balance of the user. Thats not happening.
Vulnerability Details
mint() function from DebtToken contract returns:
amount variable is in underlying asset units
In LendingPool contract calling mint() function from DebtToken is expecting amount in scaled units passing the values to IDebtToken contract.
Impact
The name of the functions in IDebtToken - scaledBalanceOf and scaledTotalSupply make sense to the caller to receive the scaled balance and scaled total supply. He will receive wrong values.
Recommendations
To fix the issue in contract DebtToken.sol in function mint() the variable uint256 amountToMint should be change from:
to:
Lead Judging Commences
DebtToken::mint incorrectly mints amountToMint (unscaled) instead of amountScaled (scaled), deviating from Aave's pattern and causing incorrect debt tracking
Just a variable naming issue
DebtToken::mint incorrectly mints amountToMint (unscaled) instead of amountScaled (scaled), deviating from Aave's pattern and causing incorrect debt tracking
Just a variable naming issue
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.