Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

QA RToken

Summary

The RToken contract contains unused variables and dead code that should be removed for efficiency and clarity.

Vulnerability Details

Unnecessary variable _liquidityIndex

  • Defined as uint private _liquidityIndex;

  • Initialized in the constructor with _liquidityIndex = WadRayMath.RAY;

  • Can be updated using updateLiquidityIndex, but this function is never called.

  • Used in transferFrom, but it has no impact since it is always equal to WadRayMath.RAY, which is simply the multiplication unit in WadRayMath.

Unnecessary variable _userState

  • _userState is a struct that tracks an index.

  • Since index tracking is already managed centrally by LendingPool.reserve, storing a liquidity/usage index here is redundant.

Dead code in mint()

  • The following code fragment attempts to track balance increases but is redundant since all scaling happens in _update().

    uint256 balanceIncrease = 0;
    if (_userState[onBehalfOf].index != 0 && _userState[onBehalfOf].index < index) {
        balanceIncrease = scaledBalance.rayMul(index) - scaledBalance.rayMul(_userState[onBehalfOf].index);
    }

  • Remove this code.

Dead code in burn()

  • The following line in burn() is unnecessary, as scaling is already handled in _update():

    uint256 amountScaled = amount.rayMul(index);

  • Remove this code.

Unused variables _minter & _burner

  • Minting and burning are managed by LendingPool, making _minter and _burner redundant.

  • The following should be removed:

    • _minter and _burner variables.

    • Any functions associated with these roles.

  • From project documentation (/docs/core/tokens/RToken.md):

## Interactions
The RToken contract interacts with:
* Reserve Pool (LendingPool): for minting, burning, and updating the liquidity index

Impact

  • Reduces gas costs and contract size by removing unnecessary storage variables and redundant code.

  • Improves readability and maintainability by eliminating dead code.

Tools Used

  • Manual code review

Recommendations

  • Remove _liquidityIndex, _userState, _minter, _burner, and associated unused functions.

  • Remove dead code from mint() and burn().

  • Ensure that LendingPool fully manages minting, burning, and index updates.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::updateLiquidityIndex() has onlyReservePool modifier but LendingPool never calls it, causing transferFrom() to use stale liquidity index values
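
The statement that an index pinned at WadRayMath.RAY has no effect, and the finding tag's point about a stale index, can both be checked numerically. This is an added example, not code from the RAAC repository: it assumes Aave-style half-up ray arithmetic with RAY = 10^27, assumes the transfer path converts amounts with rayDiv, and uses a constructed 5% pool index.

```python
# Added illustration (not project code). Assumption: WadRayMath follows
# Aave-style ray math with RAY = 1e27 and half-up rounding.
RAY = 10**27
HALF_RAY = RAY // 2

def ray_mul(a: int, b: int) -> int:
    """a * b / RAY, rounded half up."""
    return (a * b + HALF_RAY) // RAY

def ray_div(a: int, b: int) -> int:
    """a * RAY / b, rounded half up."""
    if b == 0:
        raise ZeroDivisionError("ray_div by zero index")
    return (a * RAY + b // 2) // b

def index_is_noop(index: int, samples) -> bool:
    """True when scaling by `index` leaves every sample amount unchanged."""
    return all(ray_mul(x, index) == x and ray_div(x, index) == x for x in samples)

def scaled_drift(amount: int, stored_index: int, live_index: int) -> int:
    """Scaled units computed with the token's stored index minus the units
    the pool's live index calls for. Assumption: the transfer path converts
    `amount` to scaled units with ray_div(amount, index)."""
    return ray_div(amount, stored_index) - ray_div(amount, live_index)

# Constructed sample values (18-decimal token amounts).
SAMPLES = [0, 1, 999, 10**18, 123_456_789 * 10**18]
LIVE_INDEX = RAY * 105 // 100  # constructed: pool index after 5% accrual

if __name__ == "__main__":
    # A stored index that never leaves RAY is a pure identity.
    print("RAY is a no-op:", index_is_noop(RAY, SAMPLES))
    # Once the pool index has moved, the stored value no longer matches it.
    print("live index is a no-op:", index_is_noop(LIVE_INDEX, SAMPLES))
    drift = scaled_drift(1050 * 10**18, RAY, LIVE_INDEX)
    print("scaled-unit drift for 1050 tokens:", drift // 10**18)
```

A zero drift for every amount confirms the stored index is dead weight; a non-zero drift means the token and the pool disagree on the conversion, so the variable should be removed or kept in sync rather than left as is.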
