Inconsistent tracking of total debt and liquidity leads to incorrect utilization rate calculation
Summary
Both the total liquidity and debt are used to calculate the utilization rate. The problem is that total debt is being scaled down when getting the total supply but total liquidity is not leading to an incorrect utilization rate calculation.
Vulnerability Details
Lets first take a look at how total liquidity is tracked. A user calls deposit and transfers a certain amount of a reserve asset. In the Reserve deposit function it passes the amount deposited into the updateInterestRatesAndLiquidity function where it is directly added to the liquidity amount and not scaled by the liquidity index.
Now if we look at how totalUsage is tracked we first start at the borrow function where the debt token is minted. newTotalSupply is returned which is then used as the totalUsage amount. When we look at how the totalSupply of the debt token is calculated, it returns the scaled version of it using the usage index.
This is not consistent with how the liquidity is tracked. One is being scaled by its index and the other is not.
Impact
Incorrect utilization rate calculation
Tools Used
Manual Review
Recommendations
Make the total debt and total liquidity consistent.
Lead Judging Commences
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.