Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Hardcoded Exchange Rate

Summary
The StabilityPool.getExchangeRate function returns a hardcoded 1e18 value, ignoring actual pool balances. This creates a permanent 1:1 ratio between rToken and deToken, regardless of market conditions.


Impact

  • Incorrect Token Minting/Burning: Users receive incorrect amounts of deToken during deposits/withdrawals.

  • Protocol-Wide Accounting Failure: Breaks the core mechanism for tracking liquidity provider shares.

  • Arbitrage Exploits: Attackers could drain reserves by exploiting artificial pricing.


Tools Used

  • Manual code review


Recommendations

```solidity
function getExchangeRate() public view returns (uint256) {
    // rToken actually held by the pool
    uint256 totalR = rToken.balanceOf(address(this));
    // deToken shares currently outstanding
    uint256 totalDe = deToken.totalSupply();
    // 1:1 only while no shares exist; otherwise rToken per deToken, scaled by 1e18
    return totalDe == 0 ? 1e18 : (totalR * 1e18) / totalDe;
}
```
  • Implement dynamic exchange rate calculation based on actual pool balances.

  • Add unit tests verifying rate changes during deposits/withdrawals.
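To show why the hardcoded rate breaks share accounting, the following is an added Python model (not the project's code): it runs the same deposit/withdraw sequence under the hardcoded `1e18` rate and under the balance-based rate from the recommendation, after the pool's rToken reserves shrink outside the deposit path. The pool, amounts and the 30% reserve drop are constructed assumptions.

```python
WAD = 10**18  # 1e18 fixed-point scale used by getExchangeRate

class PoolModel:
    """Constructed model: `reserves` plays rToken.balanceOf(pool),
    `de_supply` plays deToken.totalSupply(); all amounts in wei."""

    def __init__(self, hardcoded: bool):
        self.hardcoded = hardcoded
        self.reserves = 0
        self.de_supply = 0

    def exchange_rate(self) -> int:
        if self.hardcoded:          # vulnerable: ignores pool balances
            return WAD
        if self.de_supply == 0:     # recommended: rToken per deToken
            return WAD
        return self.reserves * WAD // self.de_supply

    def deposit(self, r_amount: int) -> int:
        """Mint deToken for r_amount of rToken; returns deToken minted."""
        minted = r_amount * WAD // self.exchange_rate()
        self.reserves += r_amount
        self.de_supply += minted
        return minted

    def withdraw(self, de_amount: int) -> int:
        """Burn de_amount of deToken; returns rToken paid out."""
        payout = de_amount * self.exchange_rate() // WAD
        if payout > self.reserves:
            raise RuntimeError("claim exceeds reserves")
        self.reserves -= payout
        self.de_supply -= de_amount
        return payout

    def shortfall(self) -> int:
        """rToken owed to remaining deToken holders beyond what the pool holds."""
        owed = self.de_supply * self.exchange_rate() // WAD
        return max(0, owed - self.reserves)

def run_scenario(hardcoded: bool) -> dict:
    """Two equal depositors; reserves then drop 30% outside the pool's own
    deposit/withdraw path (constructed); the first depositor exits in full."""
    pool = PoolModel(hardcoded)
    alice_shares = pool.deposit(100 * WAD)
    pool.deposit(100 * WAD)
    pool.reserves = pool.reserves * 70 // 100   # 140 rToken remain
    alice_payout = pool.withdraw(alice_shares)
    return {"alice_payout": alice_payout, "reserves_left": pool.reserves,
            "shortfall": pool.shortfall()}
```

With the hardcoded rate the first withdrawer takes the full 100 rToken and the remaining holder is left with a 60 rToken claim against 40 rToken of reserves; with the dynamic rate both holders' claims scale to the 70 rToken each that the pool can actually cover.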

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

StabilityPool::getExchangeRate hardcodes 1:1 ratio instead of calculating real rate, enabling unlimited deToken minting against limited reserves
