Outdated usage index in view functions leads to incorrect debt calculations
Summary
The LendingPool contract uses an outdated usage index in the getUserDebt() view function, leading to incorrect debt calculations.
Vulnerability Details
The LendingPool::getUserDebt() function directly use reserve.usageIndex without updating it to the current timestamp:
The usage index represents the accumulated interest rate over time and should be updated with each block timestamp. The current implementation returns potentially stale values since it doesn't calculate the index for the current timestamp.
The root cause is that these functions directly access storage values instead of using ReserveLibrary.getNormalizedDebt() which properly calculates the up-to-date index.
Impact
Using outdated indices leads to incorrect debt calculations when users check their current debt
Recommendations
Use ReserveLibrary Functions
Lead Judging Commences
LendingPool::getUserDebt uses stale usageIndex without accounting for accrued interest since last update
LendingPool::getUserDebt uses stale usageIndex without accounting for accrued interest since last update
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.