Core Contracts

Summary

When a user borrows funds, the protocol is designed to mint DebtTokens that represent the user's debt in a scaled form. This scaling is necessary because interest accrues over time using an index (the usage index). However, the current implementation mints DebtTokens based on unscaled values, causing borrowers to record a higher debt than they should.

Vulnerability Details

When a borrower takes out a loan, the protocol is supposed to mint DebtTokens using the following process:

1. The borrowed amount is first normalized by scaling down using the current index.

2. Any accrued interest (balance increase) is similarly normalized.

3. The sum of these normalized values is minted as DebtTokens, ensuring that when the index is applied later (i.e., scaled back up), the actual debt reflects both principal and accrued interest accurately.

Current Implementation:

Here, amount and balanceIncrease are in their unscaled form. This calculation does not normalize the values using the index, leading to an overstatement of the borrower's debt.

Expected Correct Implementation:

By dividing amountToMint by the current index (rayDiv(index)), we obtain the properly scaled debt amount that should be minted. This ensures that when the DebtToken balance is later multiplied by the index, it yields the correct underlying debt, accurately reflecting the accrued interest.

Impact

• Excessive Debt Recording: Borrowers end up with DebtToken balances that are too high, meaning their actual debt (after scaling) is inflated.

Tools Used

Manual Review

Recommendations

• Correct the Minting Calculation:
  Update the DebtToken::mint() function to mint the DebtTokens using the scaled value:

  + uint256 scaledAmountToMint = amountToMint.rayDiv(index);

  - _mint(onBehalfOf, amountToMint.toUint128());

  + _mint(onBehalfOf, scaledAmountToMint.toUint128());