Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

reserve.totalUsage not updated correctly causes incorrect Rtoken minting/burning

anonymousjoe

Summary

Not updating the reserve.totalUsage correctly

Vulnerability Details

Firstly, the reserve.totalUsage is the total amount of debt owed by the borrowers including the interest accrued. This can be seen by noticing when the totalUsage is updated(it is updated after a repay/borrow etc is done) with the totalSupply of the debtToken (which obviously contains the interest + principal of borrowers).

Secondly, the totalSupply of the debtToken changes whenever the usageIndex changes(or if burning/minting is done). But mainly when the usageIndex changes, it means that some interest has been accrued.

Thus it should make sense that whenever the usage Index changes the reserve.totalUsage should be updated, else the value stored in the reserve.totalUsage accounts for stale principal + interest.

In the updateReserveInterests function in the ReserveLibrary.sol it can be seen that the usageIndex changes, and thus the reserve.totalUsage should have also been updated which is not being done.

This become an issue in cases where the reserve.totalUsage is not updated separately (like in borrow/repay). During withdraw the usage index changes, which inturn (should) changes the totalUsage which will change the utilization rate, which should inturn change the liquidity Index and thus by extension the amount of Rtoken minted.

There are many impacts of this missing updation. But it feel that the incorrect minting of RToken should be enough to warrant a high severity.

function updateReserveInterests(ReserveData storage reserve,ReserveRateData storage rateData) internal {
uint256 timeDelta = block.timestamp - uint256(reserve.lastUpdateTimestamp);
if (timeDelta < 1) {
return;
}
uint256 oldLiquidityIndex = reserve.liquidityIndex;
if (oldLiquidityIndex < 1) revert LiquidityIndexIsZero();
// Update liquidity index using linear interest
reserve.liquidityIndex = calculateLiquidityIndex(
rateData.currentLiquidityRate,
timeDelta,
reserve.liquidityIndex
);
=> // usageIndex has changed (because there is a time delta)
// Update usage index (debt index) using compounded interest
reserve.usageIndex = calculateUsageIndex(
rateData.currentUsageRate,
timeDelta,
reserve.usageIndex
);
// Update the last update timestamp
reserve.lastUpdateTimestamp = uint40(block.timestamp);
emit ReserveInterestsUpdated(reserve.liquidityIndex, reserve.usageIndex);
}

Impact

Among others, the incorrect minting/burning of RTokens. (for example: errors in interest calculation also come up)

Tools Used

manual review

Recommendations

Synchronize the reserve.totalUsage with the totalSupply of the debtToken, or use the totalSupply of the debtToken and deprecate the reserve.totalUsage.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

ReserveLibrary::updateReserveInterests updates usageIndex but not totalUsage when interest accrues, causing stale debt values that lead to incorrect utilization rates

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

ReserveLibrary::updateReserveInterests updates usageIndex but not totalUsage when interest accrues, causing stale debt values that lead to incorrect utilization rates

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.