Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

The Withdraw event in LendingPool does not emit the correct value

Summary

The Withdraw event does not emit the correct value for the amount withdrawn.

Vulnerability Details

According to the event definition, the event should emit the address of the user withdrawing and the amount withdrawn. The value comes from the calculations performed in the ReserveLibrary.withdraw() function, as can be seen from the following snippet:

    /**
     * @notice Allows a user to withdraw reserve assets by burning RTokens
     * @param amount The amount of reserve assets to withdraw
     */
    function withdraw(uint256 amount) external nonReentrant whenNotPaused onlyValidAmount(amount) {
        if (withdrawalsPaused) revert WithdrawalsArePaused();
        // Update the reserve state before the withdrawal
        ReserveLibrary.updateReserveState(reserve, rateData);
        // Ensure sufficient liquidity is available
        _ensureLiquidity(amount);
        // Perform the withdrawal through ReserveLibrary
        (uint256 amountWithdrawn, uint256 amountScaled, uint256 amountUnderlying) = ReserveLibrary.withdraw(
            reserve, // ReserveData storage
            rateData, // ReserveRateData storage
            amount, // Amount to withdraw
            msg.sender // Recipient
        );
        // Rebalance liquidity after withdrawal
        _rebalanceLiquidity();
        emit Withdraw(msg.sender, amountWithdrawn);
    }

However, the ReserveLibrary.withdraw() function returns the wrong value for amountWithdrawn, causing the event to emit the wrong value:

    function withdraw(
        ReserveData storage reserve,
        ReserveRateData storage rateData,
        uint256 amount,
        address recipient
    ) internal returns (uint256 amountWithdrawn, uint256 amountScaled, uint256 amountUnderlying) {
        if (amount < 1) revert InvalidAmount();
        // Update the reserve interests
        updateReserveInterests(reserve, rateData);
        // Burn RToken from the recipient - will send underlying asset to the recipient
        (uint256 burnedScaledAmount, uint256 newTotalSupply, uint256 amountUnderlying) = IRToken(reserve.reserveRTokenAddress).burn(
            recipient, // from
            recipient, // receiverOfUnderlying
            amount, // amount
            reserve.liquidityIndex // index
        );
        amountWithdrawn = burnedScaledAmount;
        // Update the total liquidity and interest rates
        updateInterestRatesAndLiquidity(reserve, rateData, 0, amountUnderlying);
        emit Withdraw(recipient, amountUnderlying, burnedScaledAmount);
        //@audit-issue it returns wrong amount => amountUnderlying instead of amountWithdrawn
        return (amountUnderlying, burnedScaledAmount, amountUnderlying);
    }

As can be seen, the function returns amountUnderlying twice instead of returning amountWithdrawn in the first position of the tuple.

Impact

The emitted events show inaccurate logs, causing confusion and misleading users, and damaging the overall reliability of the system.

Tools Used

Manual Review

Recommendations

Make sure that the ReserveLibrary.withdraw() function returns amountWithdrawn instead of amountUnderlying:

    return (amountWithdrawn, burnedScaledAmount, amountUnderlying);
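An added example, not part of the submission or the project's code: an off-chain check that tells which unit a decoded Withdraw event carries by comparing it with the underlying-asset Transfer in the same receipt. The decoded-log shape, the field names, the addresses and the Aave-style rayDiv rounding are assumptions.

```javascript
// Added example (not project code). Amounts are BigInt in token base units.
const RAY = 10n ** 27n;

// Assumption: Aave-style ray division, rounding half up (underlying -> scaled).
function rayDiv(a, b) {
  return (a * RAY + b / 2n) / b;
}

// logs: decoded receipt logs in a constructed shape { address, name, args }.
// Returns which unit the Withdraw event amount matches.
function classifyWithdrawAmount(logs, user, asset, liquidityIndex) {
  const ev = logs.find((l) => l.name === "Withdraw" && l.args.user === user);
  // The underlying-asset Transfer to the user is the ground truth for what left the pool.
  const xfer = logs.find(
    (l) => l.name === "Transfer" && l.address === asset && l.args.to === user
  );
  if (!ev || !xfer) return "missing-log";
  const underlying = xfer.args.value;
  const scaled = rayDiv(underlying, liquidityIndex);
  if (ev.args.amount !== underlying && ev.args.amount !== scaled) return "mismatch";
  // At index == 1 RAY both units coincide, so the event cannot disambiguate.
  if (underlying === scaled) return "indistinguishable";
  return ev.args.amount === underlying ? "underlying" : "scaled";
}

// Constructed sample: 1,000 USDC (6 decimals) withdrawn at liquidity index 1.05.
const USER = "0xUser", ASSET = "0xAsset";
const sampleLogs = (eventAmount) => [
  { address: ASSET, name: "Transfer", args: { from: "0xRToken", to: USER, value: 1_000_000_000n } },
  { address: "0xPool", name: "Withdraw", args: { user: USER, amount: eventAmount } },
];
const INDEX = (105n * RAY) / 100n;
console.log(classifyWithdrawAmount(sampleLogs(1_000_000_000n), USER, ASSET, INDEX));
```

Run over historical receipts, a consistent "underlying" or "scaled" result tells an indexer which unit to expect, and any "mismatch" is worth investigating.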

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::_rebalanceLiquidity emits an event with stale buffer

Invalidated by appeal in 1090

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

LendingPool::_rebalanceLiquidity emits an event with stale buffer

Invalidated by appeal in 1090
