Incorrect debt scaling in repayment leads to incorrect event emissions
Summary
The LendingPool::_repay() function incorrectly compares unscaled repayment amounts with scaled debt balances, leading to values in the emitted event.
Vulnerability Details
In LendingPool::_repay(), the function attempts to cap the repayment amount at the user's current debt:
The issue is that amount represents the raw repayment amount while userScaledDebt is the debt amount divided by the usage index. This comparison is invalid since they are in different units - one is scaled and one isn't.
For example:
User debt: 100 tokens
Usage index: 1.1
Scaled debt: 90.9 tokens
Repayment amount: 100 tokens
The code would incorrectly cap the repayment at 90.9 tokens even though the user is trying to repay their full 100 token debt.
Impact
The Repay event emits the capped scaled amount rather than the actual repayment amount, leading to incorrect event data that external systems may rely on
Recommendation
Emit the actual repayment amount in the Repay event.
Lead Judging Commences
LendingPool::_repay emits Repay event with capped actualRepayAmount instead of the real amountScaled value that was transferred, causing misleading event data
LendingPool::_repay emits Repay event with capped actualRepayAmount instead of the real amountScaled value that was transferred, causing misleading event data
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.