Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Reserve liquidity is not reduced after accrued dust is transferred

trtrth

Summary

The function LendingPool::transferAccruedDust() handles logic to transfer the accrued dust amount in reserve. However, after the transfer, the reserve total liquidity is not reduced.

Vulnerability Details

The function LendingPool::transferAccruedDust() calls RToken::transferAccruedDust() to send the accrued dust amount. But after the call, the reserve's total liquidity is not reduced by the transferred amount.

This can cause the reserve's actual liquidity is lower than the value that is recorded in contract storage. As a result, any further calculations using reserve.totalLiquidity can be inaccurate.

// LendingPool

function transferAccruedDust(address recipient, uint256 amount) external onlyOwner {

// update state

ReserveLibrary.updateReserveState(reserve, rateData);

require(recipient != address(0), "LendingPool: Recipient cannot be zero address");

@> IRToken(reserve.reserveRTokenAddress).transferAccruedDust(recipient, amount);

}

// RToken

function transferAccruedDust(address recipient, uint256 amount) external onlyReservePool {

if (recipient == address(0)) revert InvalidAddress();

uint256 poolDustBalance = calculateDustAmount();

if(poolDustBalance == 0) revert NoDust();

// Cap the transfer amount to the actual dust balance

uint256 transferAmount = (amount < poolDustBalance) ? amount : poolDustBalance;

// Transfer the amount to the recipient

@> IERC20(_assetAddress).safeTransfer(recipient, transferAmount);

emit DustTransferred(recipient, transferAmount);

}

Impact

Pool's actual liquidity is less than the recorded value in contract
Lending parameters can be calculated inaccurately because of the incorrect reserve.totalLiquidity

Tools Used

Manual

Recommendations

function transferAccruedDust(address recipient, uint256 amount) external onlyOwner {

// update state

ReserveLibrary.updateReserveState(reserve, rateData);

require(recipient != address(0), "LendingPool: Recipient cannot be zero address");

- IRToken(reserve.reserveRTokenAddress).transferAccruedDust(recipient, amount);

+ uint256 amount = IRToken(reserve.reserveRTokenAddress).transferAccruedDust(recipient, amount);

+ reserve.totalLiquidity -= amount;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

LendingPool::transferAccruedDust doesn't update reserve.totalLiquidity when dust is transferred, causing discrepancy between tracked and actual liquidity

inallhonesty Lead Judge about 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

LendingPool::transferAccruedDust doesn't update reserve.totalLiquidity when dust is transferred, causing discrepancy between tracked and actual liquidity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.