mint in DebtToken is not working correctly
Summary
A critical miscalculation in the DebtToken::mint function leads to an incorrect amountToMint computation due to the improper addition of balanceIncrease.
Vulnerability Details
Root Cause:
The balanceIncrease represents accrued interest on the user's existing debt, which is already accounted for in the protocol's scaled balance calculations. By adding balanceIncrease to amount when computing mint, the contract effectively double-counts the interest. This occurs because:
Debt token balances are stored in scaled form, adjusted by the interest rate index.
Impact
Protocol-Level Risk: Over-minting debt tokens distorts the total debt supply, leading to systemic inaccuracies in user liabilities.
User Impact: Users receive excess debt tokens, resulting in:
Unfair liquidations due to inflated debt positions.
Inaccurate interest calculations, as future interest accrues on an improperly inflated principal.
Tools Used
Manual Code Review
Recommendations
Immediate Fix:
Remove the addition of balanceIncrease when computing mint. The correct calculation should only mint the intended amount:
Lead Judging Commences
DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
DebtToken::mint miscalculates debt by applying interest twice, inflating borrow amounts and risking premature liquidations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.