Incorrect scaling in `DebtToken::totalSupply` leading to undervalued total debt
Summary
The DebtToken::totalSupply contains a critical mathematical error, it incorrectly scales down the total debt amount using rayDiv instead of scaling it up using rayMul. This token represents user debt that grows with interest over time through an interest index (normalized debt). When calculating the totalSupply, the contract should multiply the stored amount by the current interest index to get the true total debt including accrued interest. However, the current implementation divides by the index instead, which leads to reporting less debt than actually exists.
Vulnerability Details
Impact
Underreporting of the protocol's total debt, which misleads users and protocol management about the true state of outstanding loans, leads to accounting issues. Additionally, there is an iconsistency with individual user balances (balanceOf) which are correctly scaled using rayMul.
Tools Used
Manual review
Recommendations
Lead Judging Commences
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.