The deposit
function in the provided smart contract incorrectly handles the return values from the mint
function. Specifically, the mint
function returns (isFirstMint, amountToMint, totalSupply(), amountScaled)
, but the deposit
function assumes the return values are (isFirstMint, amountScaled, newTotalSupply, amountUnderlying)
. This mismatch in return value handling can lead to incorrect calculations of minted amounts, liquidity updates, and financial inconsistencies in the protocol.
The mint
function returns the following values:
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/tokens/RToken.sol#L140
isFirstMint
: A boolean indicating whether this is the first mint for the user.
amountToMint
: The actual amount of RTokens minted.
totalSupply()
: The total supply of RTokens after minting.
amountScaled
: The scaled amount of RTokens based on the index.
However, the deposit
function incorrectly interprets these return values as:
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/libraries/pools/ReserveLibrary.sol#L337
isFirstMint
: Correctly interpreted.
amountScaled
: Incorrectly interpreted as the second return value (should be amountToMint
).
newTotalSupply
: Incorrectly interpreted as the third return value (should be totalSupply()
).
amountUnderlying
: Incorrectly interpreted as the fourth return value (should be amountScaled
).
Incorrect Event emission.
Correct Return Value Handling: Update the deposit
function to correctly interpret the return values from the mint
function.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.