Submission Details
Severity:
before transferring debt token update state should be called in lending pool
Summary
before transferring debt token update state should be called in lending pool
Vulnerability Details
Following is from the debt token contract
function _update(address from, address to, uint256 amount) internal virtual override {
if (from != address(0) && to != address(0)) {
revert TransfersNotAllowed(); // Only allow minting and burning
}
uint256 scaledAmount = amount.rayDiv(ILendingPool(_reservePool).getNormalizedDebt());
super._update(from, to, scaledAmount);
emit Transfer(from, to, amount);
}
So in order to correctly transfer the tokens getnormalized debt should return the latest value for that we need to call the update stae function on the lending pool contract which updates the uasga index upto date.
Impact
Incorrect scaled amount
Tools Used
Recommendations
Call update state function befroe calculating the scaled amount.
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
LendingPool::getNormalizedIncome() and getNormalizedDebt() returns stale data without updating state first, causing RToken calculations to use outdated values
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.