Mint incorrect amount of tokens
Summary
In RToken contract the function mint() mints wrong amount of tokens. It was missed to add interest value to amount.
Vulnerability Details
The mint function in RToken contract expect to return:
bool: True if this is the first mint for the recipient, false otherwise
uint256: The amount of scaled tokens minted
uint256: The new total supply after minting
uint256: The amount of underlying tokens minted
In the function is forgotten to add the balance increase to the amount. It returns amountToMint with no added balanceIncrease.
Impact
The problem is that the function mints to the user wrong amount of tokens. It mints tokens with no interest value to the user.
Recommendations
To fix this issues i recommend in RToken contract in mint() function before _mint() function to add:
Lead Judging Commences
RToken::mint calculates balanceIncrease (interest accrued since last interaction) but never mints it, causing users to lose earned interest between deposits
The balanceIncrease is the interest that has already accrued on the user's existing scaledBalance since their last interaction. It's not something you mint as new tokens in the _mint function.
RToken::mint calculates balanceIncrease (interest accrued since last interaction) but never mints it, causing users to lose earned interest between deposits
The balanceIncrease is the interest that has already accrued on the user's existing scaledBalance since their last interaction. It's not something you mint as new tokens in the _mint function.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.