Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Palmy Finance>High findings>Checkpoint function confuses scaled balance and actual balance of LToken
GeneralOverview
Findings
High (5)Stale prices from oracleZero price from the fallback oracleSuspending a token does not clear the variableThe locked amount is truncated to `int128`An interest portion of collected fees are locked
Medium (3)
Low (1)
Informational (2)
DiscussionTest suiteOracle risksUnused codeTypos
Threat ModelWhat are threat models?FeeDistributor.solLeverager.solVoter.solVotingEscrow.sol
Audit ResultsSummary
Category: Business Logic

Checkpoint function confuses scaled balance and actual balance of LToken

High Severity
High Impact
High Likelihood

Description

The Voter contract invokes the scaledBalanceOf function to determine its token balance, add the increased balance directly to the distributable amount of the token, divide it by each user's share, and transfer to them.

The token in the Voter contract is the LToken. LToken is minted when you deposit the asset to the lending pool. Conversely, you can burn the LToken to get back the asset from the lending pool.

The lending pool manages the liquidity index of the reserve, which is the cumulated scale of the sum of capital and interest compared to the initial capital. For example, if one of the reserves in the lending pool generated the total interest 25% since the initialization of the reserve, the liquidity index of the reserve is 1.25.

People who deposited to the lending pool passively earn the interest due to the passive increase of their wallet balance. This can happen because the balanceOf function of LToken returns the multiplication of scaled balance and the liquidity index of the reserve on the lending pool.

For instance, let us assume Alice deposited 1 OAS when the liquidity index was 1.25, and Alice received 1 lOAS. Internally, when the lending pool mints the lOAS, it divides the amount to be minted by the liquidity index and adds it to the scaled balance. In this case, the scaled balance of Alice will be 0.8.

Now let us assume again that time has passed and the liquidity index became 1.5. When Alice checks her wallet balance, it would be the 1.2 lOAS, which is larger than Alice originally deposited. Internally, the scaled balance of Alice is still 0.8, but Alice's wallet balance increased because the liquidity index increased.

Alice now transfers the 0.6 lOAS to Bob. After that, Alice and Bob will have 0.6 lOAS, respectively. Internally, the amount to be transferred, 0.6, is divided by the liquidity index, 1.5. This is 0.4, and this is subtracted and added to the scaled balances of Alice and Bob. Alice and Bob will have 0.4 of the scaled balance, respectively.

The Voter contract utilizes the scaledBalanceOf function to obtain its balance, but this is incorrect since this does not represent the actual balance.

Impact

The part of the cumulative interest of the token will be locked in the contract forever. For example, if the Voter contract receives 1.2 lOAS when the liquidity index is 1.5, it only distributes 0.8 lOAS and locks up the 0.4 lOAS.

Recommendations

Consider multiplying the liquidity index to the token amount to be distributed to a user or using the balanceOf function for tracking its balance.

Remediation

Zellic © 2025Back to top ↑