Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Incorrect Total Supply Calculation in DebtToken Contract

Summary

The totalSupply function in the DebtToken contract computes the total supply by applying rayDiv to the scaled supply, which makes the reported total supply much smaller than it should be. In contrast, the balanceOf function correctly uses rayMul to calculate the user's balance. The inaccurate total supply can affect other calculations and functionality that depend on it.


Vulnerability Details

  • Issue:
    In the DebtToken contract, the totalSupply function incorrectly applies rayDiv on the scaled total supply:

    return scaledSupply.rayDiv(ILendingPool(_reservePool).getNormalizedDebt());

    This is problematic because it under-reports the total supply, whereas the balanceOf function correctly multiplies the scaled balance using rayMul. The total supply should be calculated based on the normalized debt, but rayDiv does not give the correct result here and makes the value much smaller than expected.

  • Affected Code:

    function totalSupply() public view override(ERC20, IERC20) returns (uint256) {
        uint256 scaledSupply = super.totalSupply();
        return scaledSupply.rayDiv(ILendingPool(_reservePool).getNormalizedDebt()); // Incorrect
    }

    The use of rayDiv in the totalSupply function is not appropriate because it reduces the total supply too much, leading to an inaccurate value for total supply.


Impact

  • Incorrect Total Supply:
    The total supply will be reported as much smaller than the actual supply. This can cause issues for any functionality that depends on the correct total supply, such as market valuations, liquidity calculations, and other token-related functions.

  • Inaccurate Token Metrics:
    Incorrect total supply affects any calculation or view function that uses the total supply, leading to distorted token metrics and potentially confusing users or other contracts interacting with the system.


Tools Used

  • Manual Code Review


Recommendations

  1. Fix the Total Supply Calculation:
    Instead of using rayDiv, the correct approach would be to apply the appropriate scaling factor to the total supply using rayMul, similar to how it is handled in the balanceOf function. The corrected code would be:

    function totalSupply() public view override(ERC20, IERC20) returns (uint256) {
        uint256 scaledSupply = super.totalSupply();
        return scaledSupply.rayMul(ILendingPool(_reservePool).getNormalizedDebt()); // Correct
    }

  2. Ensure Consistent Scaling Logic:
    Apply the same logic for scaling in both balanceOf and totalSupply to ensure that they are consistent in how they handle the scaling with getNormalizedDebt.
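
The mismatch between balanceOf and totalSupply can be checked numerically. The JavaScript model below is an added example, not code from the contest repository; the round-half-up rayMul/rayDiv helpers (Aave-style WadRayMath), the 1.25 index and the three scaled balances are assumptions constructed for illustration.

```javascript
// Added example: models ray (1e27 fixed-point) math with BigInt.
// rayMul/rayDiv round half up as in Aave-style WadRayMath; that the
// audited library rounds the same way is an assumption.
const RAY = 10n ** 27n;
const rayMul = (a, b) => (a * b + RAY / 2n) / RAY;
const rayDiv = (a, b) => (a * RAY + b / 2n) / b;

// Constructed sample state: normalized debt index of 1.25 and three
// borrowers' scaled balances (18-decimal token units).
const index = (125n * RAY) / 100n;
const UNIT = 10n ** 18n;
const scaledBalances = [400n * UNIT, 250n * UNIT, 150n * UNIT];

// balanceOf as described in the finding: scaled balance times the index.
const balanceOf = (scaled) => rayMul(scaled, index);

// The inherited ERC20 totalSupply() is the sum of the scaled balances.
const scaledSupply = scaledBalances.reduce((s, b) => s + b, 0n);

const totalSupplyBuggy = () => rayDiv(scaledSupply, index); // rayDiv, as in the affected code
const totalSupplyFixed = () => rayMul(scaledSupply, index); // rayMul, as recommended

const sumOfBalances = () =>
  scaledBalances.reduce((s, b) => s + balanceOf(b), 0n);

// Invariant a unit test can enforce: totalSupply equals the sum of
// balanceOf over all holders, within one unit of rounding per holder.
function supplyMatchesBalances(totalSupply) {
  const sum = sumOfBalances();
  const diff = sum > totalSupply ? sum - totalSupply : totalSupply - sum;
  return diff <= BigInt(scaledBalances.length);
}

console.log("sum of balanceOf:", sumOfBalances() / UNIT);       // 1000n
console.log("totalSupply (rayDiv):", totalSupplyBuggy() / UNIT); // 640n
console.log("totalSupply (rayMul):", totalSupplyFixed() / UNIT); // 1000n
console.log("rayDiv consistent:", supplyMatchesBalances(totalSupplyBuggy()));
console.log("rayMul consistent:", supplyMatchesBalances(totalSupplyFixed()));
```

With an index above 1, the rayDiv result falls below even the scaled supply, so the gap to the sum of balances grows as the index increases.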

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

DebtToken::totalSupply incorrectly uses rayDiv instead of rayMul, severely under-reporting total debt and causing lending protocol accounting errors
