Transfers risk using outdated indexes which results in wrong amounts being transferred
Vulnerability Details
When transferring a ScaledBalance token you need to update the indexes on the LendingPool just in case there has been no other transaction before in that block that did so.
You need to do so because the interest indexes always grow every second and if you don't update it, you risk using outdated past indexes.
If the indexes are outdated, in this case specifically the liquidity index one, the transfers amount will be incorrect as they are calculated using this index in a rayDiv() operation.
Impact
If no other actions generated a liquidity index update in the block and there are transfers, these will be transferring incorrect amounts.
Recommendations
Just like AAVE does, update the liquidity index when transfers occur.
For reference on how to implement this you can check the following AAVE code:
-
On the
AToken::_transfer()the following call to the pool is made here. -
This call, if needed, eventually triggers and index recalculation and returns the new real current index. See here.
In RAAC, a LendingPool::updateState() call right on RToken::_update() here, should be enough.
Lead Judging Commences
LendingPool::getNormalizedIncome() and getNormalizedDebt() returns stale data without updating state first, causing RToken calculations to use outdated values
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.