Incorrect Handling of amount == 0 in mint::RToken
Finding Description and Impact
In the mint function, when amountToMint == 0, the function returns (false, 0, 0, 0). However, the third value in the tuple (total supply) should return totalSupply() instead of 0.
Impact:
Off-chain systems or integrations relying on the return value of
mintmay misinterpret the total supply.This could lead to incorrect accounting or reporting of the protocol's state.
Proof of Concept
-
Code Reference:
function mint(address caller,address onBehalfOf,uint256 amountToMint,uint256 index) external override onlyReservePool returns (bool, uint256, uint256, uint256) {if (amountToMint == 0) {return (false, 0, 0, 0); // @audit the second 0 says that the totalsupply is always 0, it should return totalSupply()}...} -
Steps to Reproduce:
Deploy the
RTokencontract.Call
mintwithamountToMint == 0.Observe that the third return value is
0instead oftotalSupply().
Recommended Mitigation Steps
Update the mint function to return totalSupply() as the third value in the tuple when amountToMint == 0:
This ensures that the total supply is accurately reported, even for zero-amount mints.
Lead Judging Commences
RToken::mint returns 0 instead of actual totalSupply() when amountToMint is 0, causing incorrect data for off-chain systems relying on return values
RToken::mint returns 0 instead of actual totalSupply() when amountToMint is 0, causing incorrect data for off-chain systems relying on return values
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.