The RToken's Mint Function Returns Values in an Incorrect Order, Causing Compatibility Issues
Summary
The mint function's return values are out of order, making them incompatible with expected outputs and can potentially lead to broken integrations.
Vulnerability Details
In the NatSpec, the documentation clearly states the expected return order as:
isFirstMintamountScaledtotalSupply()amountToMint
However, the actual return statement swaps amountScaled and amountToMint:
In the ReserveLibrary contract, the deposit function relies on the return values of this mint function and expects the correct values but will end up using the wrong ones because of this incorrect order.
Impact
External systems or contracts like the ReserveLibrary relying on the expected return order will misinterpret values and use them for the wrong calculations, leading to inconsistencies in the system.
Tools Used
Manual code review
Recommendations
Fix the return statement to match the documented order.
Lead Judging Commences
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.