Incorrect Return Values in mint::RToken
Finding Description and Impact
The mint function returns amountToMint as the second value in the tuple, but it should return amountScaled instead and it returns amountScaled as the fourth value when it should return amountToMint. (Essentially amountToMint and amountScaled need to be swapped around in the return tuple.) This discrepancy can lead to incorrect off-chain calculations or integrations.
Impact:
Off-chain systems relying on the return value of
mintmay misinterpret the scaled amount.This could lead to incorrect accounting, reporting, or integration with external systems.
Proof of Concept
-
Code Reference:
function mint(address caller,address onBehalfOf,uint256 amountToMint,uint256 index) external override onlyReservePool returns (bool, uint256, uint256, uint256) {...return (isFirstMint, amountToMint, totalSupply(), amountScaled);} -
Steps to Reproduce:
Deploy the
RTokencontract.Call
mintwith a non-zeroamountToMint.Observe that
amountToMintandamountScaledneed to be swapped around.
Recommended Mitigation Steps
Update the mint function to return amountScaled as the second value in the tuple and amountToMint as the fourth value :
This ensures that the scaled amount is accurately reported, preventing off-chain calculation errors.
Lead Judging Commences
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.