Submission Details
Severity:
RToken::mint() return arguments in incorrect order
Vulnerability Details
The function documentation defined RToken::mint() as:
File: contracts/core/tokens/RToken.sol#L102-L113
/**
* @notice Mints RToken to a user
* @param caller The address initiating the mint
* @param onBehalfOf The recipient of the minted tokens
* @param amountToMint The amount of tokens to mint (in underlying asset units)
* @param index The liquidity index at the time of minting
* @return A tuple containing:
* - bool: True if this is the first mint for the recipient, false otherwise
* - uint256: The amount of scaled tokens minted
* - uint256: The new total supply after minting
* - uint256: The amount of underlying tokens minted
*/
However, the 2nd and the 4th return arguments are inverted.
File: contracts/core/tokens/RToken.sol#L140
return (isFirstMint, amountToMint, totalSupply(), amountScaled);
As a result, the amountScaled used in ReserverLibrary.sol#L337 is incorrect, and so is the value passed to the Deposit event at L349.
Impact
Incorrect value of the Deposit event is emitted, potentially misleading users.
Tools Used
Manual review.
Recommendations
File: contracts/core/tokens/RToken.sol#L140
- return (isFirstMint, amountToMint, totalSupply(), amountScaled);
+ return (isFirstMint, amountScaled, totalSupply(), amountToMint);
}
Updates
Lead Judging Commences
inallhonesty 6 months ago
Submission Judgement Published Assigned finding tags:
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
inallhonesty 6 months ago
Submission Judgement Published Assigned finding tags:
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.