Incorrect Calculation of Normalized Debt in ReserveLibrary
Summary
The getNormalizedDebt function returns an interest factor rather than the actual debt amount. It should return the debt amount multiplied by the compounded interest, but it currently returns just the compounded interest multiplied by the usage index.
Vulnerability Details
In the getNormalizedDebt function, the calculation for normalized debt is incorrect. This returns the interest factor based on the usage rate and the usage index, but it does not account for the actual total debt (reserve.totalUsage). The getNormalizedDebt function should calculate the total debt by applying compounded interest to the current debt (reserve.totalUsage), not just the usage index.
Impact
If the function is not corrected, it may return incorrect debt values, which can affect interest calculations and other downstream logic, potentially leading to financial errors or exploits.
Tools Used
Manual review
Recommendations
To fix the issue, modify the return statement in getNormalizedDebt to include the actual debt amount (reserve.totalUsage) multiplied by the interest factor:
Lead Judging Commences
getNormalizedDebt doesn't return total debt but only the index, causing incorrect utilization and interest rate calculations
getNormalizedDebt doesn't return total debt but only the index, causing incorrect utilization and interest rate calculations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.