Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

RToken contract doesn't mint the correct amount of interest-bearing tokens during deposits, putting users' funds at risk of being stolen.

Summary

The mint function in the RToken contract is defined as follows:

    function mint(address caller, address onBehalfOf, uint256 amountToMint, uint256 index)
        external
        override
        onlyReservePool
        returns (bool, uint256, uint256, uint256)
    {
        if (amountToMint == 0) {
            return (false, 0, 0, 0);
        }
        uint256 amountScaled = amountToMint.rayDiv(index);
        if (amountScaled == 0) revert InvalidAmount();
        uint256 scaledBalance = balanceOf(onBehalfOf);
        bool isFirstMint = scaledBalance == 0;
        uint256 balanceIncrease = 0;
        if (_userState[onBehalfOf].index != 0 && _userState[onBehalfOf].index < index) {
            balanceIncrease = scaledBalance.rayMul(index) - scaledBalance.rayMul(_userState[onBehalfOf].index);
        }
        _userState[onBehalfOf].index = index.toUint128();
        // @audit HIGH: amount minted should be `amountScaled` instead of `amountToMint`
        _mint(onBehalfOf, amountToMint.toUint128());
        emit Mint(caller, onBehalfOf, amountToMint, index);
        return (isFirstMint, amountToMint, totalSupply(), amountScaled);
    }

The issue arises because the _mint function, which ultimately mints RToken (the interest-bearing token users receive when depositing CRVUSD in the lending pool), is passed amountToMint (the amount in underlying asset units) as the amount of RToken to mint, instead of amountScaled (the amount of tokens to mint after dividing amountToMint by the index, which is computed but only used as a return value).

Vulnerability Details

The vulnerability is serious because the _mint function will mint too many tokens relative to the amount of underlying assets deposited.

This means an attacker could deposit an amount and immediately withdraw a greater amount, profiting at the expense of other users. This would allow any attacker to drain the entire CRVUSD balance of the RToken contract (which holds the underlying assets deposited into the lending pool) by repeatedly calling deposit and withdraw.

Impact

The impact of this issue is high: the miscalculated amount of RToken minted leads to systematic withdrawals of more underlying assets than were deposited.

Any user could take advantage of this vulnerability and drain the entire CRVUSD balance in the RToken contract.

Tools Used

Manual review.

Recommendations

Ensure that the right amount of tokens is minted during deposits:

    function mint(address caller, address onBehalfOf, uint256 amountToMint, uint256 index)
        external
        override
        onlyReservePool
        returns (bool, uint256, uint256, uint256)
    {
        ...
        uint256 amountScaled = amountToMint.rayDiv(index);
        if (amountScaled == 0) revert InvalidAmount();
        ...
        // @audit : mint `amountScaled` which has been divided by the index
        _mint(onBehalfOf, amountScaled);
        ...
    }
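
The accounting invariant behind this recommendation can be checked numerically. The following is an added example, not code from the submission or the project: a Python model of the two mint variants and a regression check that could be ported to the test suite. It assumes Aave-style half-up ray math and that a holder's underlying claim is the stored amount multiplied by the index; all function names are hypothetical.

```python
RAY = 10**27  # 27-decimal fixed-point unit used for the index

def ray_mul(a: int, b: int) -> int:
    # Half-up rounding (assumed to match the project's rayMul)
    return (a * b + RAY // 2) // RAY

def ray_div(a: int, b: int) -> int:
    # Half-up rounding (assumed to match the project's rayDiv)
    return (a * RAY + b // 2) // b

def mint_reported(amount_to_mint: int, index: int) -> int:
    """Stored amount as minted by the reported code: the unscaled deposit."""
    if ray_div(amount_to_mint, index) == 0:
        raise ValueError("InvalidAmount")
    return amount_to_mint

def mint_recommended(amount_to_mint: int, index: int) -> int:
    """Stored amount as minted by the recommended fix: the scaled deposit."""
    amount_scaled = ray_div(amount_to_mint, index)
    if amount_scaled == 0:
        raise ValueError("InvalidAmount")
    return amount_scaled

def underlying_claim(stored: int, index: int) -> int:
    # Assumption: underlying redeemable for a stored balance is stored * index
    return ray_mul(stored, index)

def mint_invariant_holds(mint_fn, amount: int, index: int, tolerance: int = 1) -> bool:
    """Right after a deposit, the depositor's claim must equal the deposit
    (up to `tolerance` units of rounding) at the same index."""
    return abs(underlying_claim(mint_fn(amount, index), index) - amount) <= tolerance

if __name__ == "__main__":
    deposit = 1_000 * 10**18  # constructed sample: 1,000 tokens, 18 decimals
    for label, index in (("index = 1.0", RAY), ("index = 1.1", 11 * 10**26)):
        for fn in (mint_reported, mint_recommended):
            ok = mint_invariant_holds(fn, deposit, index)
            print(f"{label:12} {fn.__name__:17} invariant holds: {ok}")
```

At an index of exactly 1 RAY both variants satisfy the invariant, so a test that only deposits at the initial index would not catch the defect; the check has to run after the index has grown.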
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::mint should mint the amountScaled not the amountToMint
