Both the RToken and DebtToken contracts cast the burn amount to uint128 when burning tokens, which results in faulty burns when a user has more tokens than uint128 can hold for that specific operation.
Both RToken and DebtToken contracts have the same _burn call:
Both of these tokens accrue value over time. If a user has an immense amount of tokens that surpasses uint128, this call will fail to account for all of the user's tokens.
Imagine a scenario where a user whose debt surpasses uint128 pays all their debt. Because this call casts uint256 to uint128, their debt will not be paid as it should be, and the user would lose money. This would be unacceptable.
The same applies to RToken and its own burn function.
Burning functionality is impaired; it won't work as expected in all cases.
Manual review.
Do not cast burn amount to uint128.
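The narrowing described above, as an added Solidity example (not the RToken or DebtToken source): the contract, its function names, the addresses and the balance are all constructed for illustration. It burns the same oversized amount once through a uint128 cast and once at full width, and includes a checked conversion that reverts for the case where a 128-bit value is genuinely required.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical ledger for illustration; not the audited contracts.
contract BurnCastDemo {
    mapping(address => uint256) public balanceOf;

    error AmountExceedsUint128(uint256 amount);

    /// Narrowing burn: an explicit uint128(...) conversion keeps only the
    /// low 128 bits and does not revert, even with 0.8 checked arithmetic.
    function burnNarrowed(address from, uint256 amount) public returns (uint256 burned) {
        burned = uint128(amount);
        balanceOf[from] -= burned;
    }

    /// Full-width burn: the amount is used exactly as passed in.
    function burnFullWidth(address from, uint256 amount) public returns (uint256 burned) {
        burned = amount;
        balanceOf[from] -= burned;
    }

    /// Checked conversion: reverts instead of silently dropping high bits.
    function toUint128Checked(uint256 amount) public pure returns (uint128) {
        if (amount > type(uint128).max) revert AmountExceedsUint128(amount);
        return uint128(amount);
    }

    /// Constructed scenario: two accounts each hold a balance just above
    /// type(uint128).max and each attempts to burn the whole balance.
    /// Returns what is left on each account afterwards.
    function demo() external returns (uint256 leftNarrowed, uint256 leftFullWidth) {
        uint256 debt = (uint256(1) << 128) + 5; // constructed sample value
        address a = address(0xA11CE);           // constructed sample address
        address b = address(0xB0B);             // constructed sample address
        balanceOf[a] = debt;
        balanceOf[b] = debt;

        burnNarrowed(a, debt);
        burnFullWidth(b, debt);

        leftNarrowed = balanceOf[a];
        leftFullWidth = balanceOf[b];
    }
}
```

Calling `demo()` shows the narrowed path leaving the high bits of the balance outstanding while the full-width path clears it; `toUint128Checked` reverts on the same input.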