Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC

Submission Details
Severity: high
Status: Invalid

RToken overridden _update() function can lead to unexpected behaviour

Vulnerability Details

RToken.sol currently implements the _update() function as:

    function _update(address from, address to, uint256 amount) internal override {
        // Scale amount by normalized income for all operations (mint, burn, transfer)
        uint256 scaledAmount = amount.rayDiv(ILendingPool(_reservePool).getNormalizedIncome());
        super._update(from, to, scaledAmount);
    }

While this implementation mints and burns RTokens correctly, it can lead to unexpected behaviour and wrong internal accounting in the RAAC protocol and in any other protocol that interacts with and transfers RTokens.

The issue arises from the fact that _update() is called not only when minting and burning tokens, but also whenever a transfer happens. Because RToken.sol is an ERC20 contract, integrating protocols are likely to assume that transferring RTokens behaves like a standard ERC20 transfer, with no scaling of the amount taking place.

Impact

Unexpected behaviour and wrong accounting in protocols that transfer and interact with RTokens.

Tools Used

Manual review

Recommendations

Handle the scaling logic in the public mint and burn functions of RToken.sol and remove the overridden _update() function.
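To make the difference concrete, here is an added Python model (not code from RToken.sol or the RAAC protocol) of the two designs discussed in this finding: the override shown above, where every mint, burn and transfer amount is divided by the normalized income inside _update(), and the recommended layout, where only the mint and burn paths scale and _update() is left as the standard ERC20 hook. rayDiv is mirrored from Aave's WadRayMath (half-up rounding), the ledger follows OpenZeppelin's _update(from, to, value) semantics, and the 1.25 normalized income and the account names are constructed inputs. How balanceOf() presents the stored units is not modelled, since the page does not show it.

```python
# Added example, not code from RToken.sol or the RAAC protocol.
# rayDiv mirrors Aave's WadRayMath (a * RAY / b, rounded half up); the ledger
# mirrors OpenZeppelin ERC20._update(from, to, value) with address(0) as mint/burn.
# balanceOf() re-scaling is deliberately NOT modelled: the finding does not show it.

RAY = 10**27  # 1.0 in ray precision


def ray_div(a: int, b: int) -> int:
    """a / b where b is ray-scaled, rounded half up (Aave WadRayMath.rayDiv)."""
    return (a * RAY + b // 2) // b


class RTokenModel:
    """Minimal ERC20-style ledger with a liquidity index.

    scale_in_update=True  : the override in the finding; mint, burn AND transfer
                            amounts are divided by the index inside _update().
    scale_in_update=False : the recommendation; mint/burn scale their own amounts
                            and _update() stays the plain ERC20 hook.
    """

    ZERO = "0x0"  # stands in for address(0)

    def __init__(self, index_ray: int, scale_in_update: bool):
        self.index = index_ray
        self.scale_in_update = scale_in_update
        self.balances: dict[str, int] = {}
        self.total_supply = 0

    def _erc20_update(self, frm: str, to: str, value: int) -> None:
        """OpenZeppelin ERC20._update: move `value` stored units; address(0) mints/burns."""
        if frm == self.ZERO:
            self.total_supply += value
        else:
            if self.balances.get(frm, 0) < value:
                raise ValueError("ERC20InsufficientBalance")
            self.balances[frm] -= value
        if to == self.ZERO:
            self.total_supply -= value
        else:
            self.balances[to] = self.balances.get(to, 0) + value

    def _update(self, frm: str, to: str, amount: int) -> None:
        if self.scale_in_update:
            amount = ray_div(amount, self.index)  # the override on the page: applies to transfers too
        self._erc20_update(frm, to, amount)

    def mint(self, to: str, amount: int) -> None:
        if not self.scale_in_update:
            amount = ray_div(amount, self.index)  # recommendation: scale only on mint/burn
        self._update(self.ZERO, to, amount)

    def burn(self, frm: str, amount: int) -> None:
        if not self.scale_in_update:
            amount = ray_div(amount, self.index)
        self._update(frm, self.ZERO, amount)

    def transfer(self, frm: str, to: str, amount: int) -> None:
        self._update(frm, to, amount)  # no scaling of its own in either design


def transfer_delta(index_ray: int, amount: int, scale_in_update: bool) -> int:
    """Stored-unit increase the recipient sees after transfer(amount)."""
    token = RTokenModel(index_ray, scale_in_update)
    token.mint("alice", 10 * amount)  # constructed: fund the sender generously
    before = token.balances.get("bob", 0)
    token.transfer("alice", "bob", amount)
    return token.balances["bob"] - before


def integrator_check(index_ray: int, amount: int, scale_in_update: bool) -> bool:
    """The assumption a plain-ERC20 integrator makes: transfer(x) moves exactly x stored units."""
    return transfer_delta(index_ray, amount, scale_in_update) == amount


if __name__ == "__main__":
    idx = RAY * 125 // 100  # constructed: normalized income of 1.25
    amt = 100 * 10**18      # constructed: a 100-token transfer
    for mode in (True, False):
        print(f"scale_in_update={mode}: transfer({amt}) moves "
              f"{transfer_delta(idx, amt, mode)} stored units; "
              f"plain-ERC20 assumption holds: {integrator_check(idx, amt, mode)}")
```

Running the block prints the stored-unit delta the recipient sees for a 100-token transfer under each design: 80 tokens' worth of units when the scaling lives in _update(), 100 when it does not. integrator_check() encodes what an external protocol assumes when it treats RToken as a plain ERC20; under the override it only holds while the normalized income is exactly 1.0.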

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
