Incorrect amount mint into RToken.sol
Summary
The mint function in the provided Solidity contract is responsible for minting debt tokens to a user (onBehalfOf). The function takes into account the current index (usage index) and calculates the scaled amount of tokens to mint. However, the current implementation mints the raw amountToMint (in underlying asset units) instead of the scaled amount (amountScaled). This inconsistency in units could lead to incorrect token minting and accounting.
Vulnerability Details
Here, amountToMint is the raw input amount in underlying asset units, but the rest of the function operates in scaled terms (amountScaled and balanceIncrease). The amountScaled is calculated using amountToMint.rayDiv(index), which converts the underlying asset amount into scaled debt tokens. Minting the raw amountToMint instead of the scaled amountScaled results in incorrect token minting
Impact
Incorrect Token Minting: Minting the raw
amountToMintinstead of the scaledamountScaledcould result in users receiving an incorrect amount of tokens.
Tools Used
Manual code review
Recommendations
Lead Judging Commences
RToken::mint should mint the amountScaled not the amountToMint
RToken::mint should mint the amountScaled not the amountToMint
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.