Submission Details
Severity:
Double scaling applied during RToken transfers
Summary
The RToken _update hook scales the amounts dividing them by the liquidity index, so that transfers can directly pass the unscaled token amount. However, both transfer and transferFrom are also dividing the amount by the liquidity index:
function transfer(
address recipient,
uint256 amount
) public override(ERC20, IERC20) returns (bool) {
//@audit _update already scales the amount
uint256 scaledAmount = amount.rayDiv(
ILendingPool(_reservePool).getNormalizedIncome()
);
return super.transfer(recipient, scaledAmount);
}
This is not correct.
Vulnerability Details
Impact
Actual balance is incorrectly adjusted.
Tools Used
Manual review.
Recommendations
Only scale amounts once.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
RToken::transfer and transferFrom double-scale amounts by dividing in both external functions and _update, causing users to transfer significantly less than intended
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
RToken::transfer and transferFrom double-scale amounts by dividing in both external functions and _update, causing users to transfer significantly less than intended
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.