Core Contracts

Summary

In the DebtToken contract's mint function, the amount being minted is not properly scaled with respect to the usage index, leading to users receiving significantly more debt tokens than they should, causing accounting errors in the lending protocol.

Vulnerability Details

The issue lies in the fundamental mechanism of how debt tokens work in lending protocols. Let me explain:

The protocol uses a ray-based index system (similar to Aave) where:

• All balances are stored in a scaled form

• The actual balance = scaled balance * current index

In the DebtToken.mint function, we have:

The critical error is that we're minting amountToMint which is the normalized amount (actual debt amount) instead of amountScaled which is the scaled amount.

To understand why this is wrong:

• If the current index is 2 * RAY and a user borrows 100 tokens

• amountScaled should be 50 i.e (100 / 2)

• We should mint 50 scaled tokens of which when repaying will be multiplied by the current index (2), gives 100 tokens

• Instead, we're minting 100 tokens which during repaying multiplied by the index, will give 200 tokens

PoC

1. Alice deposits 1000 tokens as collateral

2. Current usage index is 2 * RAY

3. Alice borrows 100 tokens

4. The system should:

   • Calculate amountScaled = 100 / 2 = 50

   • Mint 50 scaled tokens to Alice

   • When reading Alice's balance and repaying: 50 * 2 = 100 asset tokens (correct debt)

5. Instead, the system:

   • Calculates amountScaled = 100 / 2 = 50

   • Mints 100 tokens to Alice

   • When reading and repaying Alice's balance: 100 * 2 = 200 asset tokens (incorrect debt)

Impact

• Users receive more than their intended debt tokens

• Liquidation mechanisms may trigger prematurely.

• Total protocol debt is artificially inflated

Tools Used

Manual code review

Recommendations

Modify the mint function to use the scaled amount: