Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Incorrect withdraw function ReserveLibrary.sol

Summary

The withdraw function is designed to allow users to withdraw their deposited assets from the reserve. However, there is a critical issue: the function does not explicitly transfer the withdrawn assets to the recipient.

Vulnerability Details

Issue: Missing Direct Transfer to Recipient

In the following code:

(uint256 burnedScaledAmount, uint256 newTotalSupply, uint256 amountUnderlying) =
    IRToken(reserve.reserveRTokenAddress).burn(
        recipient,              // from
        recipient,              // receiverOfUnderlying
        amount,                 // amount
        reserve.liquidityIndex  // index
    );

The function calls burn on the RToken, which decreases the recipient’s balance and supposedly sends the equivalent underlying asset. However, it is not explicitly ensured that the recipient actually receives the withdrawn assets.
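Whether funds are locked turns entirely on what burn does with its receiverOfUnderlying argument, so the check a reviewer would run is a balance-delta test around the withdraw call. The following is an added illustration, not code from the audited project: MockAsset, MockRToken, Reserve and WithdrawCheck are all hypothetical, and the RToken follows the Aave-style convention in which burn itself forwards the underlying to receiverOfUnderlying. The project's real IRToken and ReserveLibrary are not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not project code. Assumes an Aave-style RToken whose
// burn() sends the underlying asset to receiverOfUnderlying.

contract MockAsset {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Interest-bearing token: balances are stored scaled by a liquidity index (1e27 = 1.0).
contract MockRToken {
    uint256 internal constant RAY = 1e27;
    MockAsset public immutable asset;
    address public immutable reserve;
    mapping(address => uint256) public scaledBalanceOf;
    uint256 public scaledTotalSupply;

    constructor(MockAsset asset_, address reserve_) { asset = asset_; reserve = reserve_; }

    function mint(address to, uint256 amount, uint256 index) external {
        require(msg.sender == reserve, "only reserve");
        uint256 scaled = amount * RAY / index;
        scaledBalanceOf[to] += scaled;
        scaledTotalSupply += scaled;
    }

    // Burns `amount` of underlying value from `from` and sends that underlying
    // to `receiverOfUnderlying`. Returned values mirror the tuple in the finding.
    function burn(address from, address receiverOfUnderlying, uint256 amount, uint256 index)
        external
        returns (uint256 burnedScaled, uint256 newTotalSupply, uint256 amountUnderlying)
    {
        require(msg.sender == reserve, "only reserve");
        burnedScaled = amount * RAY / index;
        require(scaledBalanceOf[from] >= burnedScaled, "burn exceeds balance");
        scaledBalanceOf[from] -= burnedScaled;
        scaledTotalSupply -= burnedScaled;
        newTotalSupply = scaledTotalSupply;
        amountUnderlying = amount;
        // Under this convention the underlying moves here, inside burn.
        require(asset.transfer(receiverOfUnderlying, amountUnderlying), "transfer failed");
    }
}

// Minimal reserve; access control is omitted because only the balance flow is under test.
contract Reserve {
    MockRToken public rToken;
    uint256 public liquidityIndex = 1e27; // 1.0 in ray, kept static here

    function setRToken(MockRToken r) external { rToken = r; }

    function deposit(address user, uint256 amount) external {
        rToken.mint(user, amount, liquidityIndex);
    }

    // Same shape as the call in the finding: no separate transfer after burn.
    function withdraw(address recipient, uint256 amount) external returns (uint256 amountUnderlying) {
        (, , amountUnderlying) = rToken.burn(recipient, recipient, amount, liquidityIndex);
    }
}

// Deploys the mocks and reports whether the recipient actually received the underlying.
contract WithdrawCheck {
    function run() external returns (bool ok, uint256 received) {
        MockAsset asset = new MockAsset();
        Reserve reserve = new Reserve();
        MockRToken rToken = new MockRToken(asset, address(reserve));
        reserve.setRToken(rToken);

        address alice = address(0xA11CE);   // constructed test address
        uint256 amount = 1000e6;            // constructed: 1,000 units of a 6-decimal asset
        asset.mint(address(rToken), amount); // the pooled underlying sits in the RToken
        reserve.deposit(alice, amount);      // alice's prior deposit

        uint256 before = asset.balanceOf(alice);
        uint256 reported = reserve.withdraw(alice, amount);
        received = asset.balanceOf(alice) - before;
        // Funds are only "locked" if this delta is zero while the RToken balance dropped.
        ok = (received == reported && received == amount);
    }
}
```

Deploy WithdrawCheck and call run(): under the assumed burn semantics it returns (true, 1000e6), which is the observation that decides whether the extra safeTransfer in the recommendation is needed or would pay the recipient twice. Swapping MockRToken.burn for one that does not transfer makes run() return (false, 0), reproducing the lockup the finding describes.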

Impact

Fund Lockup: The contract does not correctly transfer the underlying asset after burning the RToken, so the user does not receive their funds.

Tools Used

Manual code review

Recommendations

+ IERC20(reserve.reserveAssetAddress).safeTransfer(
+ recipient,
+ amountUnderlying
+);
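Review bot: before adding this safeTransfer, confirm what burn() does with the receiverOfUnderlying argument that withdraw already passes as recipient. If the RToken's burn sends the underlying to that address, as the argument name suggests and the judge's "Incorrect statement" verdict implies, this extra transfer pays the recipient a second time and lets a single withdrawal pull reserveAssetAddress funds beyond the caller's burned balance. The added line is only correct if burn is verified not to transfer; a balance-delta test around the withdraw call settles that before the patch is applied.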

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
