Mismatch in Repayment Transfer Amount Causing Underpayment
Summary
The repayment logic transfers an amount based on the scaled repayment (amountScaled) rather than the user’s intended repayment amount, causing a discrepancy between the funds provided and the debt reduction.
Vulnerability Details
After burning DebtTokens, the contract executes:
Due to the double scaling issue discussed previously, the amountScaled computed may be lower than expected. Consequently, the funds transferred from the repayer do not fully cover the intended repayment, leading to an incomplete debt settlement, or could be higher than expected and cause a revert to repay.
Impact
Incomplete Debt Repayment: Users may inadvertently leave part of their debt unpaid, leading to potential liquidation or additional fees.
Tools Used
Manual Review
Recommendations
Align the repayment transfer amount with the raw repayment amount rather than the scaled value.
Adjust the burn and transfer sequence so that the scaling logic is consistently applied once, ensuring the user’s funds match the repayment obligation.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
View preliminary resultsAppeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.