hats-finance / Wise-Lending-0xa2ca45d6e249641e595d50d1d9c69c9e3cd22573


(Nyxaris) H-1 Unowned Borrow Shares Accruing Interest #56

Open olaoyesalem opened 8 months ago

olaoyesalem commented 8 months ago

Description

In the described scenario, there exists a mechanism wherein unowned borrow shares, termed as GHOST_Amount borrow shares, can accumulate interest in the _accrueInterest function. These shares continue to accrue interest without being associated with any owner, leading to a compounding effect. However, since these borrow shares are not owned by anyone, the accrued interest cannot be repaid. This situation poses a risk of bad debt within the financial system.

The formula for computing withdrawable funds involves subtracting borrow assets from supply assets. The presence of borrow shares without an owner effectively reduces the amount of withdrawable funds, contributing to bad debt within the system. It's worth noting that although initially, only one asset may be affected by these borrow shares, the share price can be artificially inflated, potentially leading to a significant impact on the financial stability of the system.

The impact of this issue is currently deemed low due to the relatively small scale, with only 1e6 virtual borrow shares earning interest on a nominal value of 1 wei. Consequently, the accrued bad debt is considered negligible, even when subjected to high borrow rates.

Recommendation

Implement Ownership Mechanisms: Develop and implement mechanisms to ensure that all borrow shares are associated with an owner. This can involve enhancing the validation checks within the _accrueInterest function to prevent the accumulation of interest on unowned borrow shares.

Regular Audit and Monitoring: Conduct regular audits of the financial system to identify any instances of unowned borrow shares and mitigate them promptly. Implement robust monitoring tools to track the movement and ownership of borrow shares, thereby minimizing the risk of bad debt accumulation.

vonMangoldt commented 8 months ago

See out of scope description "The ghostshares with the magnitude of 10^3 acquire interest over time which is lost to the system since they capture a tiny part of the interest but can be neglected because of the exponential difference in orders of magnitude compared to a normally used pool and is therefore known and not part of the audit as well."

vm06007 commented 8 months ago

@olaoyesalem please read here: https://app.hats.finance/audit-competitions/wise-lending-0xa2ca45d6e249641e595d50d1d9c69c9e3cd22573/scope

scroll down to see out of scope section

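To put numbers on the thread above, here is an added example (not code from Wise Lending or from any commenter) that models a simplified share-based borrow pool and measures the debt left on the unowned shares after every real borrower has repaid. The pool model, the 10% per-period rate, the borrower name and the 1 wei pseudo amount are assumptions; the 10^3 ghost-share magnitude is taken from the quoted scope text.

```python
# Added illustration: a simplified share-based borrow pool (assumed model, not Wise Lending's code).
GHOST_SHARES = 10**3   # assumed unowned borrow shares, magnitude quoted from the scope text
GHOST_ASSETS = 1       # assumed pseudo borrow amount backing them, 1 wei


class BorrowPool:
    def __init__(self):
        self.total_shares = GHOST_SHARES
        self.total_borrow = GHOST_ASSETS
        self.owned = {}  # borrower -> borrow shares

    def borrow(self, user, amount):
        shares = amount * self.total_shares // self.total_borrow
        self.owned[user] = self.owned.get(user, 0) + shares
        self.total_shares += shares
        self.total_borrow += amount

    def accrue_interest(self, rate_bps):
        # Interest is charged on the whole borrow amount, so the ghost
        # shares' claim on it grows along with every real borrower's debt.
        self.total_borrow += self.total_borrow * rate_bps // 10_000

    def repay_all(self, user):
        shares = self.owned.pop(user)
        # Round the debt up so rounding never favours the borrower.
        amount = -(-shares * self.total_borrow // self.total_shares)
        self.total_shares -= shares
        self.total_borrow -= amount
        return amount


def ghost_debt_after(borrowed_wei, periods=10, rate_bps=1_000):
    """Return (unrepayable_wei, peak_borrow_wei) once every real borrower has repaid."""
    pool = BorrowPool()
    pool.borrow("alice", borrowed_wei)  # hypothetical borrower
    for _ in range(periods):
        pool.accrue_interest(rate_bps)
    peak = pool.total_borrow
    pool.repay_all("alice")
    assert pool.total_shares == GHOST_SHARES  # only unowned shares remain
    return pool.total_borrow, peak


if __name__ == "__main__":
    for size in (100 * 10**18, 10):  # constructed inputs: a 100-token pool vs a 10 wei pool
        left, peak = ghost_debt_after(size)
        print(f"borrowed={size} peak={peak} unrepayable={left} wei")
```

In this model the residual is the same 2 wei in both runs; what changes is its share of the pool, which is why the size of the pool decides whether the effect matters.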