Core Contracts

Summary

The issue arises because the transfer and transferFrom functions in the contract first divide the amount by the liquidity index before passing it to the underlying _update function. However, the _update function also performs a division by the normalized income. This results in a double division of the amount, leading to incorrect token transfers.

Vulnerability Details

The current implementation of the transfer and transferFrom functions scales the amount by dividing it by the liquidity index (_liquidityIndex) before calling the super.transfer or super.transferFrom functions. The _update function, which is called internally by these functions, further scales the amount by dividing it by the normalized income. This double division results in an incorrect final amount being transferred.

For example:

1. A user attempts to transfer amount = X.

2. The transfer function divides X by _liquidityIndex, resulting in scaledAmount = X / _liquidityIndex.

3. The _update function divides scaledAmount by the normalized income, resulting in finalAmount = (X / _liquidityIndex) / normalizedIncome.

4. This double division leads to a significantly smaller amount being transferred than intended.

Impact

The double division of the amount results in incorrect token transfers. Users will receive or send a much smaller amount of tokens than expected, leading to financial inconsistencies and potential loss of funds.

Tools Used

Manual review

Recommendations

To resolve this issue, remove the scaling logic from the transfer and transferFrom functions, as the scaling is already handled by the _update function. This ensures that the amount is only scaled once, avoiding the double division problem.

Make the following changes:

This change ensures that the amount is only scaled once in the _update function, preventing the double division issue and ensuring accurate token transfers.

Also the logic with _liquidityIndex is totally wrong and it should be removed.