Incorrect Comparison in the `DebtToken::burn` Function
Summary
userBalance is scaled and amount is non-scaled. So we cant simply campare them and one of them needs conversion to the other.
Vulnerability Details
In the DebtToken::burn function, the amount variable represents the amount of crvUSD that the user wants to withdraw, while userBalance refers to the balance of RToken that the user possesses. These two values are not comparable because the RToken amount and the crvUSD amount do not have a 1:1 ratio.
Impact
This leads to incorrect calculations.
Tools Used
Manual review.
Recommendations
Convert userBalance to a non-scaled amount by multiplying it by the index before making the comparison.
Lead Judging Commences
LendingPool::_repay compares scaled userScaledDebt with unscaled amount, creating unused actualRepayAmount; calculation is bypassed when burn is called with original amount
LendingPool::_repay compares scaled userScaledDebt with unscaled amount, creating unused actualRepayAmount; calculation is bypassed when burn is called with original amount
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.