Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

`transfer` and `transferFrom` send different amounts of `RToken`

Summary

In the RToken contract, transfer and transferFrom are implemented in a way that makes them send different amounts of tokens.

Vulnerability Details

We can see that transfer scales amount by the getNormalizedIncome value, but transferFrom scales it by the _liquidityIndex stored in the RToken contract. These are two different values, thus there is a difference between using transfer and transferFrom.

```solidity
function transfer(address recipient, uint256 amount) public override(ERC20, IERC20) returns (bool) {
    // Scales by the index read from the lending pool at call time
    uint256 scaledAmount = amount.rayDiv(ILendingPool(_reservePool).getNormalizedIncome());
    return super.transfer(recipient, scaledAmount);
}

function transferFrom(address sender, address recipient, uint256 amount) public override(ERC20, IERC20) returns (bool) {
    // Scales by the index stored in the RToken contract instead
    uint256 scaledAmount = amount.rayDiv(_liquidityIndex);
    return super.transferFrom(sender, recipient, scaledAmount);
}
```

Impact

transfer and transferFrom send different amounts of RToken, which leads to unpredictable results when using and interacting with RToken.

Tools Used

Manual Review, Hardhat

Recommendations

Standardize the token transfer functions so that they transfer the same amount.
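
The divergence described under Vulnerability Details can be quantified off-chain, and the same comparison works as a regression check once both functions use one index. This is an added example, not code from the submission or the audited repository; `scaledByPath` and `pathsAgree` are hypothetical helpers, the half-up `rayDiv` rounding (Aave WadRayMath style) is an assumption about the library in use, and the index values are constructed samples.

```javascript
// Added example: models the two scaling paths with BigInt ray math.
const RAY = 10n ** 27n;

// Half-up ray division, Aave WadRayMath style (assumed to match the contract's rayDiv).
function rayDiv(a, b) {
  if (b === 0n) throw new RangeError("division by zero index");
  return (a * RAY + b / 2n) / b;
}

// Scaled amount each entry point passes to the ERC20 base for the same `amount`.
function scaledByPath(amount, normalizedIncome, storedLiquidityIndex) {
  const viaTransfer = rayDiv(amount, normalizedIncome);         // transfer()
  const viaTransferFrom = rayDiv(amount, storedLiquidityIndex); // transferFrom()
  return { viaTransfer, viaTransferFrom, delta: viaTransferFrom - viaTransfer };
}

// Regression-style check: both paths must agree for every sampled amount.
function pathsAgree(amounts, normalizedIncome, storedLiquidityIndex) {
  return amounts.every(
    (a) => scaledByPath(a, normalizedIncome, storedLiquidityIndex).delta === 0n
  );
}

// Constructed sample values (not taken from the audited deployment).
const amount = 1000n * 10n ** 18n;     // 1000 tokens with 18 decimals
const poolIndex = (RAY * 105n) / 100n; // pool reports an index of 1.05 (ray)
const storedIndex = RAY;               // RToken still stores 1.00 (ray)

const r = scaledByPath(amount, poolIndex, storedIndex);
console.log("transfer scaled amount:    ", r.viaTransfer.toString());
console.log("transferFrom scaled amount:", r.viaTransferFrom.toString());
console.log("difference (scaled units): ", r.delta.toString());
console.log("agree, same index:    ", pathsAgree([1n, amount], poolIndex, poolIndex));
console.log("agree, diverged index:", pathsAgree([1n, amount], poolIndex, storedIndex));
```

With these sample indices the two paths agree for a 1-unit amount only because of rounding, so a regression check should sample realistic amounts as well as dust values.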

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::transfer uses getNormalizedIncome() while transferFrom uses _liquidityIndex, creating inconsistent transfer amounts depending on function used
