Incorrect Utilization Rate Calculation in getUtilizationRate() in RAACMinter
Summary
The getUtilizationRate function in RAACMinter.sol incorrectly calculates the utilization rate by dividing totalBorrowed (which represents accumulated debt interest) by totalDeposits (which represents the RToken balance of the Stability Pool). These two values are incompatible due to their differing meanings and decimal precisions. This results in meaningless utilization rate values.
Vulnerability Details
totalBorrowed is the usageIndex, representing the accumulated interest on 1 crvUSD since the pool’s inception, not the total borrowed amount.
totalDeposits represents the RToken balance in the Stability Pool, which has a different unit and scale.
Dividing these values directly produces an arbitrary and incorrect result because they are not in the same unit or scale.
Utilization rate should not be calculated by unrelated metrics.
Impact
The calculated utilization rate will not reflect actual borrowing behavior, leading to incorrect emission rate calculations and reward distributions.
Tools Used
manual review
Recommendation
Replace the flawed calculation with a proper utilization rate formula, similar to the one used in ReserveLibrary.sol
Lead Judging Commences
RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics
RAACMinter::getUtilizationRate incorrectly mixes stability pool deposits with lending pool debt index instead of using proper lending pool metrics
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.