Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Inconsistent Balance Tracking in StabilityPool Ignores Transferred DETokens

Summary

The StabilityPool contract tracks user balances using the userDeposits mapping but fails to account for DETokens transferred between users, leading to inconsistencies in withdrawals, reward calculations, and balance queries.

Vulnerability Details

// 1. Withdraw function only checks userDeposits
function withdraw(uint256 deCRVUSDAmount) external nonReentrant whenNotPaused validAmount(deCRVUSDAmount) {
    // ...
    if (userDeposits[msg.sender] < rcrvUSDAmount) revert InsufficientBalance(); // <== @found
    userDeposits[msg.sender] -= rcrvUSDAmount;
    // ...
}

// 2. Rewards calculation uses userDeposits instead of actual DEToken balance
function calculateRaacRewards(address user) public view returns (uint256) {
    uint256 userDeposit = userDeposits[user]; // <== @found
    uint256 totalDeposits = deToken.totalSupply();
    // ...
    return (totalRewards * userDeposit) / totalDeposits;
}

// 3. Balance query ignores transferred tokens
function balanceOf(address user) external view returns (uint256) {
    return userDeposits[user]; // <== @found
}

Impact

  • Locked Tokens:
      • Transferred DETokens cannot be withdrawn
      • Recipients can't access transferred value

  • Lost Rewards:
      • Rewards not earned on transferred tokens
      • Incorrect reward distribution

  • Incorrect Balances:
      • balanceOf returns incomplete information
      • Users can't verify their true position

Tools Used

  • Manual Review

Recommendations

Use DEToken balances instead of userDeposits for all operations.
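
An added Python model (not code from the submission or from the RAAC contracts) of the scenario this finding describes, contrasting reads from userDeposits with reads from DEToken balances as the recommendation proposes. It assumes DETokens can be transferred freely between users and are minted 1:1 on deposit, neither of which the page shows; PoolModel, scenario and the account names are hypothetical.

```python
# Added model, not the project's code. ASSUMPTION: DETokens are freely
# transferable between holders; the page does not show the DEToken contract.

class PoolModel:
    def __init__(self, use_token_balance=False):
        # False: read userDeposits, as in the three quoted functions.
        # True: read DEToken balances, as the Recommendations section proposes.
        self.use_token_balance = use_token_balance
        self.user_deposits = {}  # mirrors the userDeposits mapping
        self.de_balances = {}    # mirrors DEToken balances

    def deposit(self, user, amount):
        # Constructed 1:1 mint; the real exchange rate is not shown on the page.
        self.user_deposits[user] = self.user_deposits.get(user, 0) + amount
        self.de_balances[user] = self.de_balances.get(user, 0) + amount

    def transfer_detoken(self, src, dst, amount):
        # A plain token transfer moves balances but never touches userDeposits.
        if self.de_balances.get(src, 0) < amount:
            raise ValueError("transfer exceeds DEToken balance")
        self.de_balances[src] -= amount
        self.de_balances[dst] = self.de_balances.get(dst, 0) + amount

    def balance_of(self, user):
        ledger = self.de_balances if self.use_token_balance else self.user_deposits
        return ledger.get(user, 0)

    def can_withdraw(self, user, amount):
        # Mirrors the InsufficientBalance check in withdraw().
        return self.balance_of(user) >= amount

    def reward_share(self, user, total_rewards):
        # Mirrors calculateRaacRewards: (totalRewards * userDeposit) / totalSupply.
        total_supply = sum(self.de_balances.values())
        return total_rewards * self.balance_of(user) // total_supply if total_supply else 0

    def ledger_mismatches(self):
        # Invariant check: every account's mapping entry equals its token balance.
        users = sorted(set(self.user_deposits) | set(self.de_balances))
        return {u: (self.user_deposits.get(u, 0), self.de_balances.get(u, 0))
                for u in users
                if self.user_deposits.get(u, 0) != self.de_balances.get(u, 0)}

def scenario(use_token_balance):
    pool = PoolModel(use_token_balance)
    pool.deposit("alice", 100)
    pool.deposit("bob", 100)
    pool.transfer_detoken("alice", "carol", 60)  # constructed sample transfer
    return pool
```

ledger_mismatches() is the per-account invariant a test suite can assert after every state-changing call; it stays empty only if nothing moves DETokens outside the pool's own accounting.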

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
