cergyk - BigBang/Singularity::_updateBorrowAndCollateralShare totalBorrow variable is never updated and breaks a few core mechanics

[sherlock-admin4]

cergyk

high

BigBang/Singularity::_updateBorrowAndCollateralShare totalBorrow variable is never updated and breaks a few core mechanics

Summary

When liquidating users, their individual borrow share is reduced, however the variable tracking totalBorrow is not updated. This breaks the accounting for a few core mechanisms

Vulnerability Detail

As we can see in the function _updateBorrowAndCollateralShare: https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLiquidation.sol#L166-L228

the variable totalBorrow is never updated, as done in liquidateBadDebt: https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBLiquidation.sol#L85-L86

Which means that the debtRate used to accrue interest, is incorrectly increased or decreased depending on if the market is eth big bang or not: https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/markets/bigBang/BBCommon.sol#L49

Also the rewards sent to twTap are going to be reduced as a result: https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/Penrose.sol#L277-L301

However individual borrows should not be impacted, since their borrow share ratios remain the same

Impact

Incorrect interest rate applied to borrows on BigBang markets, reduced rewards distributed to twTap in penrose.

Code Snippet

Tool used

Manual Review

Recommendation

Remove the repaid debt from global variable totalBorrow

Duplicate of #49

[cryptotechmaker]

Medium; User is not at loss