Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Incorrect Utilization Rate Calculation Leads to Hyperinflationary Token Emissions

elhajin

Summary

The RAACMinter contract's utilization rate calculation is fundamentally flawed due to a mismatch between normalized debt (RAY-scaled index) and actual deposit amounts. This causes the utilization rate to be massively inflated, leading to maximum emission rates and hyperinflationary token minting.

Vulnerability Details

The issue stems from comparing incompatible values in the utilization rate calculation:

function getUtilizationRate() internal view returns (uint256) {
uint256 totalBorrowed = lendingPool.getNormalizedDebt(); // Returns RAY (1e27) scaled borrow index
uint256 totalDeposits = stabilityPool.getTotalDeposits(); // Actual token amount (1e18)
if (totalDeposits == 0) return 0;
return (totalBorrowed * 100) / totalDeposits; // Math: (1e27 * 100)/1e18 = 1e11%
}

Key issues:

  1. Incorrect Borrow Metric:

    • getNormalizedDebt() returns a borrow index in RAY precision (1e27)

    • This is NOT the actual borrowed amount but rather a compounding index used for interest calculations

    • The index grows over time with interest accrual, regardless of actual borrows

  2. Scale Mismatch:

    • Borrow index: RAY precision (1e27)

    • Deposits: Standard token precision (1e18)

    • Division: (1e27 * 100) / 1e18 = 1e11

    • Results in utilization rates billions of times higher than reality

  3. Incorrect Deposit Source:

    • Uses StabilityPool deposits instead of LendingPool deposits These pools serve different purposes and their balances are not directly comparable ,StabilityPool deposits not reflect actual borrowable liquidity

The broken utilization rate then impacts token emissions:

function calculateNewEmissionRate() internal view {
uint256 utilizationRate = getUtilizationRate(); // Returns ~1e11%
uint256 adjustment = (emissionRate * adjustmentFactor) / 100;
if (utilizationRate > utilizationTarget) {
// Always true since utilizationRate is massively inflated
emissionRate += adjustment; // Constantly increases
}
// ...
}

Impact

  1. Hyperinflationary Token Emissions:

    • Utilization rate will always show extremely high values (>10,000%)

    • Emission rate adjustments will constantly max out

    • Protocol will mint tokens at maximum allowed rate regardless of actual usage

    • Rapid token supply inflation and broken incentive structure

Tools Used

  • Manual Review

  • Code Analysis

Recommendations

  1. Use actual borrowed amounts and deposits from the lending pool:

function getUtilizationRate() internal view returns (uint256) {
- uint256 totalBorrowed = lendingPool.getNormalizedDebt(); // Returns RAY-scaled index
+ uint256 totalBorrowed = lendingPool.reserve().totalUsage; // Actual borrowed amount
- uint256 totalDeposits = stabilityPool.getTotalDeposits(); // Wrong pool
+ uint256 totalDeposits = lendingPool.reserve().totalLiquidity; // Total liquidity in lending pool
if (totalDeposits == 0) return 0;
return (totalBorrowed * 100) / totalDeposits;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.