Submission Details
Severity:
Incorrect calculation in `RAACMinter::getUtilizationRate` function
Summary
The getUtilizationRate function has an issue with the incorrect initialization of the totalBorrowed variable (+), which is leading to a completely inaccurate calculation.
Vulnerability Details
In the RAACMinter::getUtilizationRate function, there is a variable named totalBorrowed that is meant to hold the total amount of RToken borrowed.
uint256 totalBorrowed = lendingPool.getNormalizedDebt();
However, the getNormalizedDebt function returns reserve.usageIndex instead of reserve.totalUsage.
function getNormalizedDebt() external view returns (uint256) {
return reserve.usageIndex;
}
Impact
Incorrect calculation
Tools Used
Manual review
Recommendations
Add a specific function to return reserve.totalUsage and use that function to initialize totalBorrowed.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.