The RToken.sol
contract's transfer()
and transferFrom()
functions incorrectly scale token amounts twice by the liquidity index when performing transfers. This occurs because both the transfer function and the internal _update
function independently apply the same scaling operation, resulting in token amounts being divided by the liquidity index twice.
The issue arises from the interaction between the transfer functions and the _update
function.
When a transfer is initiated:
<= This is Correct
But then, this scaled amount is passed to _update
and divided by the Liquidity Index again:
As a result, the user would transfer:
Low - Transferring incorrect token amounts, significantly less than intended. However, user doesn't lose funds therefore low impact.
High - This issue would be triggered by every transfer operation, affecting all users of the protocol who attempt to transfer tokens.
Low x High = Medium overall
Sufficient information has been provided.
Remove the scaling operation from the transfer and transferFrom functions, keeping it only in _update.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.