Incorrect computation of DUST amount will lead to a `REVERT` in `calculateDustAmount()`
Summary
Computation of totalRealBalance using totalSupply and liquidity index is WRONG. Because, the totalSupply which is being used is ALREADY SCALED.
We are trying to scale it twice, which leads to inaccurate comparison for computation of dust amount leading to a REVERT.
Vulnerability Details
The computation of dust amount via calculateDustAmount() forms an important part of function transferAccruedDust(). The value returned by calculate dust is further used in transfer etc.
Observe the computation of variable currentTotalSupply which is fetched from totalSupply().
We are incorrectly assuming that it has not been SCALED yet. However, totalSupply() returns a scaled balance.
Due to this inaccurate assumption, we compute the totalRealBalance by multiplying supply again with liquidity index. This would result in scaling the balance TWICE.
Because of this issue, there will be a WRONG comparison, which would most likely favour totalRealBalance and the dust value that would be returned will be zero. This will later lead to a REVERT.
So, even if there is dust amount in the pool, it would still return zero value and lead to a revert. This will prevent transferring accrued dust.
Hence, this would breaks the functionality.
Impact
Unable to transfer dust amount via transferAccruedDust()
Tools Used
Manual
Recommendations
Consider using the variable currentTotalSupply directly by assigning it to totalRealBalance
Lead Judging Commences
RToken::calculateDustAmount incorrectly applies liquidity index, severely under-reporting dust amounts and permanently trapping crvUSD in contract
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.