Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Double Interest Accounting in `DebtToken` Minting function

Summary

The DebtToken contract's mint function contains an accounting error where interest is double-counted, so borrowers are overcharged when they borrow again. This occurs because accrued interest is both added directly to the operation amount and then scaled again by the current interest index.

Vulnerability Details

The vulnerability is in the DebtToken contract's mint function, where interest is accounted for twice:

  1. First through direct addition of balanceIncrease to the operation amount

  2. Then through scaling by the current interest index

  • In mint():

    function mint(...) {
        uint256 scaledBalance = balanceOf(onBehalfOf);
        uint256 balanceIncrease = 0;
        if (_userState[onBehalfOf].index != 0 && _userState[onBehalfOf].index < index) {
            balanceIncrease = scaledBalance.rayMul(index) - scaledBalance.rayMul(_userState[onBehalfOf].index);
        }
        // @audit-issue: Double counting interest
        uint256 amountToMint = amount + balanceIncrease;
        _mint(onBehalfOf, amountToMint.toUint128());
    }

Example

Consider a scenario where:

  • Initial debt: 100 tokens

  • Interest index increase: 1.0 → 1.1 (10% interest)

  • New borrow amount: 50 tokens

Current Implementation (Incorrect):

1. Calculate interest on existing debt:
balanceIncrease = 100 * (1.1 - 1.0) = 10 tokens
2. Add balanceIncrease to new borrow:
amountToMint = 50 + 10 = 60 tokens, which mints 54.54 Rtokens
Total new debt:
finalDebt = 154.54 * 1.1 = 170 tokens
- The user is charged an additional 10 tokens of interest immediately (doubled).

Correct Implementation:

1. Mint only the new borrow (scaled):
newRtokens = 50 / 1.1 = 45.46 Rtokens
Total new debt = 145.46 * 1.1 = 160 tokens
- This is the correctly minted debt: the user borrowed 150 tokens in total and has 10 tokens of interest accrued from the previous debt.

Impact

Double interest accounting charges users extra interest immediately. The impact depends on how much the index has grown: the higher the UsageIndex, the more the user is unfairly charged.
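
The worked example and the impact claim above, reproduced as an added model in integer ray math (this is not code from the submission or from the audited repository). The names `newPosition`, `debtOf`, `overcharge` and `addAccrued` are hypothetical, and the model assumes a single borrower, half-up ray rounding, and a first borrow at index 1.0. It goes beyond the single 10% case to show the overcharge growing with the index.

```javascript
// Added model of the accounting described in this finding; not DebtToken source.
const RAY = 10n ** 27n;
// Assumption: ray math rounds half up.
const rayMul = (a, b) => (a * b + RAY / 2n) / RAY;
const rayDiv = (a, b) => (a * RAY + b / 2n) / b;

// Hypothetical single-borrower position: scaled balance and last index seen.
const newPosition = () => ({ scaled: 0n, userIndex: 0n });

// Debt owed at `index`, in token wei (scaled balance times index).
const debtOf = (pos, index) => rayMul(pos.scaled, index);

// Follows mint() as quoted in the finding. addAccrued = true keeps
// `amount + balanceIncrease`; false applies the recommended `amount` only.
function mint(pos, amount, index, addAccrued) {
  let balanceIncrease = 0n;
  if (pos.userIndex !== 0n && pos.userIndex < index) {
    balanceIncrease =
      rayMul(pos.scaled, index) - rayMul(pos.scaled, pos.userIndex);
  }
  const amountToMint = addAccrued ? amount + balanceIncrease : amount;
  pos.scaled += rayDiv(amountToMint, index); // scaled by the current index
  pos.userIndex = index;
  return balanceIncrease;
}

// Borrow `first` at index 1.0, let the index grow to `indexAfter`, borrow
// `second`. Returns debt after the second borrow minus (debt before + second);
// correct accounting gives 0 up to rounding.
function overcharge(first, second, indexAfter, addAccrued) {
  const pos = newPosition();
  mint(pos, first, RAY, addAccrued);
  const debtBefore = debtOf(pos, indexAfter);
  mint(pos, second, indexAfter, addAccrued);
  return debtOf(pos, indexAfter) - (debtBefore + second);
}

// Constructed inputs: the finding's 100 + 50 token case, then larger index growth.
const E18 = 10n ** 18n;
for (const pct of [10n, 50n, 100n]) {
  const index = RAY + (RAY * pct) / 100n;
  const buggy = overcharge(100n * E18, 50n * E18, index, true);
  const fixed = overcharge(100n * E18, 50n * E18, index, false);
  console.log(`index +${pct}%: buggy=${buggy} wei, fixed=${fixed} wei`);
}
```

A check of the form "debt after a borrow equals debt before plus the amount borrowed, within rounding" is the invariant a regression test for this mint path can assert.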

Tools Used

  • Manual code review

  • Mathematical analysis

Recommendations

  1. Remove the direct interest addition in mint:

// mint function :
function mint(...) {
// ... interest calculation ...
- uint256 amountToMint = amount + balanceIncrease;
+ uint256 amountToMint = amount;
_mint(onBehalfOf, amountToMint.toUint128());
}
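
Review bot: on the changed `amountToMint` line, dropping the addition leaves `amountToMint` as a plain alias for `amount`, and the `balanceIncrease` produced by the elided interest calculation no longer feeds `_mint` in the lines shown. Pass `amount.toUint128()` to `_mint` directly, and keep the `balanceIncrease` computation only if something outside this excerpt still reads it. A regression test using the submission's own numbers (100 borrowed, index 1.0 → 1.1, 50 more borrowed, expected debt 160) would pin the fix.
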
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
