Incorrect Return Value of `totalSupply` in `DebtToken` Contract
Summary
There's a critical inconsistency in the totalSupply() calculation compared with balanceOf(). The issue stems from using different operations (rayDiv vs rayMul) for scaling.
Vulnerability Details
Lines:
The totalSupply function uses rayDiv to scale the scaledSupply by the normalized debt obtained from the lending pool. This is inconsistent with how balances are calculated in the balanceOf function, which uses rayMul to scale the user's balance by the same normalized debt.
Impact
Using rayDiv in totalSupply implies that the total supply decreases as the normalized debt increases, which is counterintuitive. The total supply should reflect the total amount of tokens in circulation, not decrease based on the debt index.
Tools Used
Manual Review
Recommendations
To correct this issue, the totalSupply function should use rayMul instead of rayDiv to ensure that the total supply reflects the correct scaling based on the normalized debt:
Lead Judging Commences
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.