Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Missing Override for Approve and Permit in RToken

01. Relevant GitHub Links

02. Summary

In this RToken implementation, the standard approve and permit functions are not overridden. Because an RToken balance does not carry the same value as the underlying asset balance (stored balances must be scaled by rayMul(NormalizedIncome) to obtain the underlying amount), a user calling approve or permit with an underlying amount can unintentionally grant an allowance larger than they intended.

03. Vulnerability Details

  • Behavior: The approve and permit functions in RToken behave exactly as in a typical ERC20 token and store the passed amount verbatim, while the actual token value is scaled by rayMul(NormalizedIncome).

  • Consequence: Because of this scaling, the allowance set through approve or permit does not reflect the real value of the tokens the spender can move. Users relying on these functions can end up granting a higher allowance than intended.

04. Impact

If users or other contracts rely on the standard ERC20 allowance mechanism, they might unknowingly approve or permit a larger amount of tokens. This discrepancy may lead to unintended token transfers or a loss of precise control over token spending.

05. Tools Used

Manual Code Review and Foundry

06. Recommended Mitigation

Override the approve and permit functions to account for the scaling logic. Ensure that any allowances correctly consider the NormalizedIncome so that the approved amounts match users’ expectations.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken approval mechanism unit mismatch: approve() uses scaled units while transferFrom() uses underlying units, allowing attackers to transfer more tokens than users intended to approve

