Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Incorrect calculation in `ReserveLibrary::getNormalizedDebt` when `timeDelta` equals zero

Vulnerability Details

The `ReserveLibrary::getNormalizedDebt` function is intended to return the updated `reserve.usageIndex`. However, when `timeDelta` equals zero, it returns `reserve.totalUsage` instead.

```solidity
if (timeDelta < 1) {
    return reserve.totalUsage;
}
```

Impact

Incorrect calculation
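
The following Python model is an added example, not code from the submission or the project. It compares the reported early return with the corrected one at `timeDelta` 0 and 1. Assumptions: linear accrual stands in for `calculateCompoundedInterest`, callers are assumed to multiply a scaled balance by the returned index, and all reserve values are constructed.

```python
RAY = 10**27                       # 27-decimal fixed point used for indexes and rates
SECONDS_PER_YEAR = 365 * 24 * 3600

def ray_mul(a: int, b: int) -> int:
    """Fixed-point multiply in ray precision, rounding half up."""
    return (a * b + RAY // 2) // RAY

def compounded_interest(rate: int, time_delta: int) -> int:
    # ASSUMPTION: linear accrual stands in for calculateCompoundedInterest,
    # whose body is not shown on the page. Only the limit at 0 matters here.
    return RAY + rate * time_delta // SECONDS_PER_YEAR

def get_normalized_debt(reserve: dict, rate: int, now: int, fixed: bool) -> int:
    """Model of getNormalizedDebt; fixed=False keeps the reported early return."""
    time_delta = now - reserve["lastUpdateTimestamp"]
    if time_delta < 1:
        return reserve["usageIndex"] if fixed else reserve["totalUsage"]
    return ray_mul(compounded_interest(rate, time_delta), reserve["usageIndex"])

def debt_from_scaled(scaled: int, reserve: dict, rate: int, now: int, fixed: bool) -> int:
    # ASSUMPTION: a caller turns a scaled balance into debt by multiplying with
    # the normalized debt index; the page does not show the call sites.
    return ray_mul(scaled, get_normalized_debt(reserve, rate, now, fixed))

# Constructed sample state, not taken from the audited deployment.
RESERVE = {
    "lastUpdateTimestamp": 1_700_000_000,
    "usageIndex": 105 * RAY // 100,       # index of 1.05, in ray
    "totalUsage": 1_000_000 * 10**18,     # an amount, assumed 18 decimals
}
RATE = RAY // 10                          # 10% per year, in ray
SCALED = 100 * 10**18                     # one borrower's scaled balance

def report() -> dict:
    """Index and derived debt at timeDelta 0 and 1, for both variants."""
    t0 = RESERVE["lastUpdateTimestamp"]
    out = {}
    for label, fixed in (("buggy", False), ("fixed", True)):
        out[label] = {
            "index_dt0": get_normalized_debt(RESERVE, RATE, t0, fixed),
            "index_dt1": get_normalized_debt(RESERVE, RATE, t0 + 1, fixed),
            "debt_dt0": debt_from_scaled(SCALED, RESERVE, RATE, t0, fixed),
            "debt_dt1": debt_from_scaled(SCALED, RESERVE, RATE, t0 + 1, fixed),
        }
    return out

if __name__ == "__main__":
    for label, row in report().items():
        print(label, row)
```

With the corrected return, the value at `timeDelta` 0 equals `usageIndex` and moves only marginally one second later; with the reported return, the same call yields an amount, so any debt derived from it jumps between the two timestamps.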

Tools Used

Manual review

Recommendations

Simply change the function as shown below:

function getNormalizedDebt(ReserveData storage reserve, ReserveRateData storage rateData) internal view returns (uint256) {
uint256 timeDelta = block.timestamp - uint256(reserve.lastUpdateTimestamp);
if (timeDelta < 1) {
- return reserve.totalUsage;
+ return reserve.usageIndex;
}
return calculateCompoundedInterest(rateData.currentUsageRate, timeDelta).rayMul(reserve.usageIndex);
}
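
Review bot: in the `if (timeDelta < 1)` guard, `timeDelta` is a `uint256`, so the comparison can only be true at zero; write `timeDelta == 0` so the boundary case this fix targets is explicit. The `+` line returns `reserve.usageIndex`, which matches the final return path (`calculateCompoundedInterest(...).rayMul(reserve.usageIndex)`), so both branches now yield an index. A test that calls `getNormalizedDebt` with `block.timestamp` equal to `reserve.lastUpdateTimestamp` and expects `reserve.usageIndex`, plus a NatSpec line stating that the return value is an index rather than an amount, would keep this from regressing.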
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

getNormalizedDebt returns totalUsage (amount) instead of usageIndex (rate) when timeDelta < 1, breaking interest calculations across the protocol
