`RToken` doesn't implement interest-bearing functionality
Summary
As described in the ReadMe:
The RToken is an implementation of the interest-bearing token for the RAAC lending protocol.
The mentioned interest-bearing functionality is not currently supported by the token
Vulnerability Details
When minting tokens, we calculate how much interest is generated in the following block of code:
The problem here is that this interest is never added to amount that should be minted to the user, ultimately robbing them from funds that they deserve.
Impact
The token doesn't support the interest-bearing functionality, which leads to loss of funds for them
Tools Used
Manual review
Recommendations
Add the balanceIncrease to the amountToMint in the RToken::mint function
Lead Judging Commences
RToken::mint calculates balanceIncrease (interest accrued since last interaction) but never mints it, causing users to lose earned interest between deposits
The balanceIncrease is the interest that has already accrued on the user's existing scaledBalance since their last interaction. It's not something you mint as new tokens in the _mint function.
RToken::mint calculates balanceIncrease (interest accrued since last interaction) but never mints it, causing users to lose earned interest between deposits
The balanceIncrease is the interest that has already accrued on the user's existing scaledBalance since their last interaction. It's not something you mint as new tokens in the _mint function.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.