The transferFrom quoted a stale nomalizedAmount and double scales amount to transfer
Summary
The transferFrom function uses getNormalizedIncome without updating the state, and also double scales the amount to transfer.
Vulnerability Details
The transferFrom of the Rtoken allow users to transfer their tokens to another address
The issue with this implementation is that, it uses the getNormalizedIncome which returns the previous normalizedIncome and does not update the state, this will lead to transferring incorrect amount.
Another issue with this is that, the function scales the amount in the transfer function, then again the overridden internal _update did the same , this will lead to incorrect scaling and thus incorrect transfer of assets
Impact
Incorrect scaling of the assets an also incorrect interest quote.
Tools Used
Manual review
Recommendations
Scales the amount only once and update the interest by calling the updateState before quoting the normalizedIncome.
Lead Judging Commences
RToken::transfer and transferFrom double-scale amounts by dividing in both external functions and _update, causing users to transfer significantly less than intended
RToken::transfer uses getNormalizedIncome() while transferFrom uses _liquidityIndex, creating inconsistent transfer amounts depending on function used
RToken::transfer and transferFrom double-scale amounts by dividing in both external functions and _update, causing users to transfer significantly less than intended
RToken::transfer uses getNormalizedIncome() while transferFrom uses _liquidityIndex, creating inconsistent transfer amounts depending on function used
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.