Lines of code
https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/base/LybraPeUSDVaultBase.sol#L192-L210
Vulnerability details
Impact
Incorrect accounting of poolTotalPeUSDCirculation, resulting in an understatement of poolTotalPeUSDCirculation amounts. This causes inaccurate bookkeeping and in turn affects any other functions dependent on the use of poolTotalPeUSDCirculation.
Proof of Concept
We look at function _repay of LybraPeUSDVaultBase.sol as follows:
In particular, note the accounting of poolTotalPeUSDCirculation after repayment as follows:
Consider a scenario per below for user Alice, where:
amount borrowed = 200, totalFee = 2
address(configurator).
amount - totalFee.
poolTotalPeUSDCirculation reduces the entire amount where it should be amount - totalFee reduced.
poolTotalPeUSDCirculation amounts.
Tools Used
Manual review
Recommended Mitigation Steps
Correct the accounting as follows:
Assessed type
Error
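The Alice scenario from the Proof of Concept, worked through as an added example that is not part of the original report and is not the Lybra contract code. It is a simplified Python ledger model: only poolTotalPeUSDCirculation, amount, totalFee and address(configurator) come from the report, while the class, its other fields, the 500 minted by other borrowers, the rule that the fee is settled first and the repayment size are assumptions made for the illustration.

```python
# Added illustration: a simplified ledger model, not the Lybra contract.
# Only poolTotalPeUSDCirculation, amount, totalFee and address(configurator)
# come from the report; every other name and rule below is an assumption.
from dataclasses import dataclass


@dataclass
class VaultModel:
    subtract_full_amount: bool  # True models the accounting the report describes
    circulation: int = 0        # stands in for poolTotalPeUSDCirculation
    principal: int = 0          # outstanding borrowed principal, pool-wide
    fee: int = 0                # stands in for the repaying user's totalFee
    configurator: int = 0       # fees received by address(configurator)

    def mint(self, amount: int) -> None:
        self.principal += amount
        self.circulation += amount

    def repay(self, amount: int) -> None:
        fee_paid = min(amount, self.fee)    # assumption: the fee is settled first
        principal_paid = amount - fee_paid  # "amount - totalFee" in the report
        if principal_paid > self.principal:
            raise ValueError("repayment exceeds outstanding debt")
        self.fee -= fee_paid
        self.configurator += fee_paid       # fee is transferred, not repaid principal
        self.principal -= principal_paid
        self.circulation -= amount if self.subtract_full_amount else principal_paid

    def understatement(self) -> int:
        """Outstanding principal minus tracked circulation; 0 means consistent."""
        return self.principal - self.circulation


def alice_scenario(subtract_full_amount: bool, repayment: int = 200) -> int:
    # Constructed pool state: 500 minted by other borrowers, then Alice's
    # figures from the report (amount borrowed = 200, totalFee = 2).
    vault = VaultModel(subtract_full_amount)
    vault.mint(500)
    vault.mint(200)
    vault.fee = 2
    vault.repay(repayment)
    return vault.understatement()


if __name__ == "__main__":
    print("reported accounting :", alice_scenario(True))
    print("amount - totalFee   :", alice_scenario(False))
    print("repayment below fee :", alice_scenario(True, repayment=1))
```

In this model the gap between outstanding principal and tracked circulation equals the fee portion of each repayment, so a comparison of the two after every repay call is a usable regression check for this class of bookkeeping error.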