Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Incorrect `calculateRcrvUSDAmount` Calculation In Some Cases

Summary

In the StabilityPool.sol contract the calculateRcrvUSDAmount function will not work correctly for tokens with extreme differences in decimals, such as deTokenDecimals = 24 and rTokenDecimals = 6, leading to incorrect calculations.

Vulnerability Details

The vulnerability arises from the calculateRcrvUSDAmount function, which calculates the amount of rToken to return for a given deToken redemption. The function uses a scaling factor based on the difference in decimals between the two tokens. However, the current implementation does not handle cases where the tokens have extreme differences in decimals, such as 24 decimals and 6 decimals. This can lead to incorrect calculations and improper redemption of rTokens.

Example Scenario

Consider the following scenario:

  • deTokenDecimals = 24

  • rTokenDecimals = 6

  • deCRVUSDAmount = 1e24 (1 deToken)

  • getExchangeRate() = 1e18

The function calculates the scaling factor as 10^(18 + rTokenDecimals - deTokenDecimals), which in this case would be 10^(18 + 6 - 24) = 10^0 = 1.

The calculation would then be:

uint256 rcrvUSDAmount = (deCRVUSDAmount * getExchangeRate()) / scalingFactor;

Substituting the values:

uint256 rcrvUSDAmount = (1e24 * 1e18) / 1; // = 1e42

This results in an incorrect value of 1e42, which is far greater than the expected amount. The correct calculation should account for the extreme difference in decimals to ensure accurate redemption.

Impact

The real impact of this vulnerability is significant. Incorrect calculations in the calculateRcrvUSDAmount function can result in users receiving more or fewer rTokens than they should. This can lead to financial discrepancies and undermine the integrity of the protocol. Users may be unfairly advantaged or disadvantaged, affecting the overall fairness and reliability of the system.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, update the calculateRcrvUSDAmount function to handle extreme differences in token decimals correctly.
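The scenario above, generalised to several decimal pairs, as an added example that is not part of the submission or the project's code: a BigInt model of the quoted formula next to one decimal-aware variant. The function names, the assumption that getExchangeRate() is an 1e18 fixed-point rToken-per-deToken rate, and the assumption that the exponent is computed with checked unsigned arithmetic (so a negative exponent reverts) are all hypothetical.

```javascript
// Added example: BigInt model of the redemption arithmetic (not the project's code).
const RATE_PRECISION = 18n; // assumption: getExchangeRate() is 1e18 fixed-point

// Formula as quoted in the report: divide by 10^(18 + rDec - deDec).
// Assumption: checked unsigned arithmetic, so a negative exponent reverts (a throw here).
function asReported(deAmount, rate, deDec, rDec) {
  const exp = RATE_PRECISION + rDec - deDec;
  if (exp < 0n) throw new RangeError("exponent underflow");
  return (deAmount * rate) / 10n ** exp;
}

// Decimal-aware variant (hypothetical fix): remove the rate's 18-digit precision
// and rescale from deToken units to rToken units in whichever direction applies.
function decimalAware(deAmount, rate, deDec, rDec) {
  const scaled = deAmount * rate;
  if (rDec >= deDec) {
    // Multiply before dividing so small amounts are not truncated to zero.
    return (scaled * 10n ** (rDec - deDec)) / 10n ** RATE_PRECISION;
  }
  return scaled / 10n ** (RATE_PRECISION + deDec - rDec);
}

// Constructed cases: redeem 1 whole deToken at a 1:1 rate for each decimal pair.
function compare(pairs) {
  return pairs.map(([deDec, rDec]) => {
    const one = 10n ** deDec;
    const rate = 10n ** RATE_PRECISION;
    let reported;
    try {
      reported = asReported(one, rate, deDec, rDec);
    } catch (e) {
      reported = "revert";
    }
    const fixed = decimalAware(one, rate, deDec, rDec);
    return { deDec, rDec, expected: 10n ** rDec, reported, fixed };
  });
}

// [deTokenDecimals, rTokenDecimals]; 24/6 is the pair from the report.
const rows = compare([[18n, 18n], [24n, 6n], [6n, 18n], [25n, 6n]]);
for (const r of rows) console.log(r);
```

With both tokens at 18 decimals the two functions agree, which matches the judge's note; they diverge only when the decimals differ.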

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Incorrect scaling factor formula in StabilityPool::calculateRcrvUSDAmount function

Both tokens have 18 decimals. Info
