Incorrect Amount Used in RToken Mint Function Leading to Excess Token Minting
Summary
The RToken contract's mint function contains a critical vulnerability where it uses the unscaled amount (amountToMint) instead of the scaled amount (amountScaled) when minting tokens. This results in users receiving more RTokens than they should, leading to protocol fund loss.
Vulnerability Details
In RToken contract, mint function:
The function correctly calculates the scaled amount by dividing amountToMint by the liquidity index using ray math (27 decimal precision). However, it then incorrectly uses the original amountToMint value in the _mint function instead of the calculated amountScaled value.
Impact
HIGH - The vulnerability leads to direct fund loss for the protocol
Users receive more RTokens than they should based on their deposited collateral
These excess RTokens represent claims on the underlying assets that exceed the actual deposited amount
When users redeem their RTokens, they can withdraw more funds than they should be entitled to
This creates a deficit in the protocol's reserves, potentially leading to insolvency
Tools Used
Manual review
Recommendations
Modify the mint function to use the scaled amount:
Lead Judging Commences
RToken::mint should mint the amountScaled not the amountToMint
RToken::mint should mint the amountScaled not the amountToMint
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.