Inconsistency in amount transferred between transfer and transferFrom in the RToken contract
Summary
When transfering RToken we have inconsistnet logic in the transfer and transferFrom functions that calculate and send the amount to the target address.
Vulnerability Details
Due to the fact tha the _liquidityIndex is never updated by the LendingPool in the RToken contract it would always be equal to 1 RAY as this is the values set in the constructure. This means that when we call transferFrom we would transfer the same amount of RTokens that the input amount coresponds to. Compared to when we call the transfer function we would transfer current equivalent RToken amount(based on the current liqudity index) of the input amount which is in underlying asset units.
Impact
Inconsistenciy when transfering tokens depending on if we use transfer or transferFrom.
Tools Used
Manual Review
Recommendations
Rework the two functions to behave in the same way, either both transfering the input amount of tokens or expecting input in underlying asset units and transfering the equivalent based on the current liquidity index
Lead Judging Commences
RToken::transfer uses getNormalizedIncome() while transferFrom uses _liquidityIndex, creating inconsistent transfer amounts depending on function used
RToken::transfer uses getNormalizedIncome() while transferFrom uses _liquidityIndex, creating inconsistent transfer amounts depending on function used
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.