Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Users Receive Fewer ZENO Tokens Than Expected in `buy` Function

Summary

The `buy` function charges users based on the auction price (`cost = price * amount`) but mints only `amount` ZENO tokens instead of the full `cost`. According to the documentation, the ratio should be 1:1, meaning users should receive tokens equal to their USDC deposit.

Vulnerability Details

```solidity
function buy(uint256 amount) external whenActive {
    require(amount <= state.totalRemaining, "Not enough ZENO remaining");
    uint256 price = getPrice();
    uint256 cost = price * amount;
    require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");
    bidAmounts[msg.sender] += amount;
    state.totalRemaining -= amount;
    state.lastBidTime = block.timestamp;
    state.lastBidder = msg.sender;
    zeno.mint(msg.sender, amount); // @audit-issue should mint cost, not amount
    emit ZENOPurchased(msg.sender, amount, price);
}
```

  • Users pay `cost` in USDC but receive only `amount` in ZENO.

  • If `price > 1`, users end up with fewer ZENO tokens than their deposited USDC.

  • This contradicts the stated 1:1 redemption ratio, misleading participants.

Impact

  • Users suffer financial loss by receiving less than the documented amount.

Tools Used

Manual code review

Recommendations

Update the minting logic to reflect a 1:1 ratio:

```solidity
zeno.mint(msg.sender, cost); // Mint the full cost in ZENO tokens
```
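
The mismatch and the recommended change can be checked as an invariant (ZENO minted equals USDC paid) in a small off-chain model. This is an added example, not the project's or the submitter's code; the buyer names, prices, and amounts are constructed, and plain integer units with no decimals scaling are assumed.

```javascript
// Added model of the buy() accounting shown above; not the project's code.
// Assumption: price and amount are plain integers (no token-decimals scaling).
function makeAuction(totalRemaining, mintFullCost) {
  const state = { totalRemaining };
  const usdcPaid = new Map();   // buyer -> USDC sent to businessAddress
  const zenoMinted = new Map(); // buyer -> ZENO minted to the buyer
  const add = (m, k, v) => m.set(k, (m.get(k) ?? 0n) + v);

  function buy(buyer, amount, price) {
    if (amount > state.totalRemaining) throw new Error("Not enough ZENO remaining");
    const cost = price * amount;              // what the buyer is charged
    add(usdcPaid, buyer, cost);
    state.totalRemaining -= amount;
    // Current logic mints `amount`; the recommendation mints `cost`.
    add(zenoMinted, buyer, mintFullCost ? cost : amount);
  }

  // Invariant from the finding: minted ZENO must equal USDC paid (1:1).
  // Returns the buyers that violate it, with the number of missing tokens.
  function shortfalls() {
    const out = {};
    for (const [buyer, paid] of usdcPaid) {
      const diff = paid - (zenoMinted.get(buyer) ?? 0n);
      if (diff !== 0n) out[buyer] = diff;
    }
    return out;
  }
  return { buy, shortfalls, state };
}

// Constructed purchases: [buyer, amount, auction price at purchase time]
const purchases = [["alice", 10n, 5n], ["bob", 4n, 3n], ["alice", 2n, 1n]];

function run(mintFullCost) {
  const auction = makeAuction(100n, mintFullCost);
  for (const [buyer, amount, price] of purchases) auction.buy(buyer, amount, price);
  return auction.shortfalls();
}

console.log("current  mint(amount):", run(false));
console.log("proposed mint(cost):  ", run(true));
```

Only the purchases made at a price above 1 contribute to the shortfall, which matches the condition stated in the finding.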
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

ZENO.sol implements fixed 1:1 redemption with USDC regardless of auction purchase price, breaking zero-coupon bond economics and causing user funds to be permanently lost
