Incorrect Scaling Operation in Debt Token Total Supply Calculation
Summary
The debt token's totalSupply function incorrectly uses rayDiv instead of rayMul when scaling the supply with the normalized debt index. This results in an incorrect and lower total debt than exists in the system.
Vulnerability Details
Debt token balances are stored in scaled form (divided by index). To get actual debt, scaled amounts should be multiplied by the current index. However, current implementation divides instead, reducing the debt amount.
Example scenario:
Values:
Scaled supply = 1000Normalized debt index = 1.1
Current calculation (incorrect):````totalSupply = 1000 / 1.1 ≈ 909````[Returns less debt than actually exists]
Should be:````totalSupply = 1000 * 1.1 = 1100````[Correct debt amount]
Impact
reports incorrect total debt
Protocol parameters based on total debt would be miscalculated
Tools Used
Manual
Recommendations
Fix the scaling operation:
Lead Judging Commences
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.