Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

`DebtToken::burn` returns values in incorrect order

Vulnerability Details

As per the comments on the `DebtToken::burn` function:

```solidity
/**
 * @notice Burns debt tokens from a user
 * @param from The address from which tokens are burned
 * @param amount The amount to burn (in underlying asset units)
 * @param index The usage index at the time of burning
 * @return A tuple containing:
 * - uint256: The amount of scaled tokens burned
 * - uint256: The new total supply after burning
 * - uint256: The amount of underlying tokens burned
 * - uint256: The balance increase due to interest
 */
function burn(
    address from,
    uint256 amount,
    uint256 index
){...}
```

We can see from the comments that:

- the first value to be returned is the amount of scaled tokens burned
- the third value to be returned is the amount of underlying tokens burned

But in the function the values are returned in the following order:

```solidity
return (amount, totalSupply(), amountScaled, balanceIncrease);
```

The positions of the scaled token amount and the underlying token amount are interchanged, which will give wrong results.

Impact

Functions relying on the correct order may process data incorrectly, leading to logic errors.
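An added JavaScript model of the two return orders (not code from the project or the submission), showing why a test that burns at a usage index of exactly 1 RAY cannot detect the swap. It assumes the scaled amount is `amount` ray-divided by `index` with half-up rounding; the function names, the placeholder zeros and the sample amounts are constructed for illustration.

```javascript
// Added model, not the project's code. Assumption: scaled = rayDiv(amount, index).
const RAY = 10n ** 27n;

// Ray division, rounding half up (assumed Aave-style math).
function rayDiv(a, b) {
  return (a * RAY + b / 2n) / b;
}

// Order quoted in the finding: underlying first, scaled third.
// Total supply and balance increase are placeholders (0n) in this model.
function burnAsWritten(amount, index) {
  const amountScaled = rayDiv(amount, index);
  return [amount, 0n, amountScaled, 0n];
}

// Order promised by the NatSpec: scaled first, underlying third.
function burnAsDocumented(amount, index) {
  const amountScaled = rayDiv(amount, index);
  return [amountScaled, 0n, amount, 0n];
}

// Hypothetical caller that destructures by the documented positions.
function callerView(burnFn, amount, index) {
  const [scaledBurned, , underlyingBurned] = burnFn(amount, index);
  return { scaledBurned, underlyingBurned };
}

// Regression check: true when positions one and three match the NatSpec.
function matchesDocs(burnFn, amount, index) {
  const { scaledBurned, underlyingBurned } = callerView(burnFn, amount, index);
  return scaledBurned === rayDiv(amount, index) && underlyingBurned === amount;
}

// Constructed sample: 1,000 units of a 6-decimal asset.
const AMOUNT = 1000n * 10n ** 6n;
const INDEX_INITIAL = RAY;               // 1.00: scaled equals underlying
const INDEX_ACCRUED = 125n * 10n ** 25n; // 1.25 after interest accrues

for (const [name, fn] of [["as written", burnAsWritten], ["as documented", burnAsDocumented]]) {
  console.log(name, "| index 1.00:", matchesDocs(fn, AMOUNT, INDEX_INITIAL),
              "| index 1.25:", matchesDocs(fn, AMOUNT, INDEX_ACCRUED));
}
```

At index 1.00 both orders pass the check because the two amounts are numerically equal, so a regression test for this finding needs an index at which they differ.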

Tools used

Manual review

Recommended mitigation

Update the return statement to return the values in the correct order, as follows:

--- return (amount, totalSupply(), amountScaled, balanceIncrease);
+++ return (amountScaled, totalSupply(), amount, balanceIncrease);
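
Review bot: on the `+++` line, `amountScaled` and `amount` are both uint256 per the NatSpec, so nothing in the type system pins the order of this tuple and the compiler accepts either arrangement. The swap does match the documented order (scaled amount first, underlying amount third), but every call site that destructures the result of `burn` should be checked in the same change, since one written against the old order would now read the wrong value. Consider declaring named return variables on `burn` and adding a test that asserts positions one and three at an index where the two amounts differ.
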
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

DebtToken::burn returns items in the wrong order

