Core Contracts

Summary

There is a critical issue in the utilization rate calculation within the protocol, leading to excessive emissions and incorrect reward distribution. The problem arises due to the reserve.totalUsage not being scaled by the usageIndex, and only usageIndex is returned, this ends up resulting in an inflated utilization rate.

Vulnerability Details

The incorrect computation of the utilization rate stems from the fact that totalUsage isn't used at all and that:
uint256 totalBorrowed = lendingPool.getNormalizedDebt();.
also LendingPool::getNormalizedDebt returns:

As a result, the total borrowed value remains in ray precision (1e27) and is then divided by a value of 1e18 precision,

causing the values to be inflated significantly, but not only are they inflated, they are also incorrect even if they weren't in differing precision - this is because getNormallizedDebt returns the reserve.usageIndex and reserve.usageIndex is a variable representing the cumulative interest of the debt holders - which is critically not the debt - the debt values must be scaled by this to get correct amounts.

Here is an example Scenario
Assume the following conditions:

• usageIndex = 1.02e27

• totalDeposits = 100e18 (100 rTokens in 18 decimal format)

• totalUsage = 100e18

upon completing the calculation in remix, the result is:
1.02e27 * 100 / 100e18 = 1020000000

This is far higher than the utilisation target of 70 (uint256 public utilizationTarget = 70; // 70% target utilization). As a result, the maxRate will be reached quickly, resulting in a higher emission rate than expected which is incorrect.

Impact

Incorrect emission rate value is used.

Tools Used

Manual review

Recommendations

totalBorrowed should equal reserve.totalUsage.rayMul(lendingPool.getNormalizedDebt())