Incorrect Return Value Sequence in RToken Mint Function
Summary
The RToken contract's mint function returns values in an incorrect sequence compared to its documented return specification. This mismatch between documentation and implementation can lead to incorrect interpretations by calling contracts, particularly the LendingPool, potentially causing accounting errors in the protocol.
Vulnerability Details
LendingPool::deposit --> ReserveLibrary:deposit --> RToken.mint()
LendingPool & ReserveLibrary expect amountScaled but instead recieve amountToMint.
Impact
severity: HIGH (Likelihood: Always, Impact: High )
-
The LendingPool contract receives
amountToMintwhen it expectsamountScaledin the second position -
Since scaled amounts are used to track user balances and protocol accounting, this leads to:
Incorrect user balance calculations
Inaccurate interest accrual
Potential loss of funds due to miscalculated withdrawals
Tools Used
Recommendations
Modify the return statement to return correct sequence, as expected.
return (isFirstMint, amountScaled, totalSupply(), amountToMint);
Lead Judging Commences
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.