The RToken contract's burn mechanism has a scaling calculation error when converting between normalized and denormalized balances. This affects the core economic model of the lending protocol.
When users attempt to burn their RTokens to reclaim underlying assets, they receive incorrect amounts due to precision loss in the scaling calculations. This directly impacts user funds and trust in the protocol.
See this attack flow
The RToken contract acts like a bank that issues special receipts (RTokens) for deposited assets. These receipts grow in value over time as interest accrues. However, there's a flaw in how the contract calculates value when users want to cash in their receipts.
Imagine a savings account where $100 has grown to $150 through interest. When withdrawing, the contract should give you $150, but due to a calculation error, you might only receive $133. This is exactly what happens in the RToken contract.
This mathematical sleight-of-hand means users burning 1000 RTokens with a 150% interest index would receive 666.67 underlying tokens instead of the rightful 1500. The impact ripples through the entire lending protocol: imagine it consistently shortchanging users on their interest payments.
This can result in users receiving incorrect amounts of underlying assets when burning RTokens, potentially either more or less than they should.
The burn() function's scaling calculation doesn't properly maintain precision when converting between scaled and unscaled amounts.
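The figures above can be reproduced with a small fixed-point model and turned into a mint/burn round-trip invariant check. This is an added example, not the RToken contract's code: the function names are hypothetical, and it assumes a 27-decimal "ray" index, half-up rounding and an 18-decimal token, none of which the write-up states.

```python
RAY = 10**27   # assumed fixed-point unit for the interest index
WAD = 10**18   # assumed token decimals

def ray_mul(a: int, b: int) -> int:
    """a * b / RAY, rounded half up."""
    return (a * b + RAY // 2) // RAY

def ray_div(a: int, b: int) -> int:
    """a * RAY / b, rounded half up."""
    return (a * RAY + b // 2) // b

def to_scaled(underlying: int, index: int) -> int:
    """Underlying amount -> index-independent (scaled) balance stored at mint."""
    return ray_div(underlying, index)

def payout_described(scaled: int, index: int) -> int:
    """Models the reported behaviour: the balance is divided by the index on burn."""
    return ray_div(scaled, index)

def payout_expected(scaled: int, index: int) -> int:
    """Scaled balance -> underlying owed: multiply by the current index."""
    return ray_mul(scaled, index)

def round_trip(payout_fn, deposit: int, index_mint: int, index_burn: int,
               tolerance: int = 1):
    """Invariant: mint then burn pays deposit * index_burn / index_mint,
    within `tolerance` base units of rounding error."""
    scaled = to_scaled(deposit, index_mint)
    paid = payout_fn(scaled, index_burn)
    owed = deposit * index_burn // index_mint
    return paid, owed, abs(paid - owed) <= tolerance

def demo():
    # Constructed inputs matching the write-up: 1000 tokens, index at 150%.
    deposit, idx_150 = 1000 * WAD, RAY * 3 // 2
    return {
        "described": round_trip(payout_described, deposit, RAY, idx_150),
        "expected": round_trip(payout_expected, deposit, RAY, idx_150),
        # Mint at a non-unit index to exercise rounding on both conversions.
        "expected_mid": round_trip(payout_expected, deposit, RAY * 6 // 5, idx_150),
    }

if __name__ == "__main__":
    for name, (paid, owed, ok) in demo().items():
        print(f"{name:13s} paid={paid / WAD:.2f} owed={owed / WAD:.2f} ok={ok}")
```

Run against a fuzzed range of deposits and indices, the same invariant flags any payout path whose error exceeds rounding dust.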