Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect scaling between `deCRVUSD` and `rCRVUSD`.

s0x0mtee

Summary

The calculateRcrvUSDAmount function incorrectly computes the scaling factor when converting between deCRVUSD and rCRVUSD.

Vulnerability Details

The scaling factor is calculated as:

uint256 scalingFactor = 10**(18 + rTokenDecimals - deTokenDecimals);

This formula incorrectly applies the decimal adjustment, leading to incorrect conversion values. The correct formula should be:

uint256 scalingFactor = 10**(18 + deTokenDecimals - rTokenDecimals);

This ensures that deCRVUSD is correctly scaled down or up to match rCRVUSD's decimal precision.

Example Scenario

Assume:

  • deTokenDecimals = 6

  • rTokenDecimals = 18

  • deCRVUSDAmount = 1,000,000

  • getExchangeRate() = 2

With the incorrect formula:

scalingFactor = 10**(18 + 18 - 6)/1e18 = 10**12;
rcrvUSDAmount = (1,000,000 * 2) / 10**12 = 0 (rounds to zero)

Thus, the incorrect formula may result in zero or massively inflated values, depending on the token pair.

Impact

  • Users may receive incorrect rCRVUSD amounts upon withdrawal, leading to financial losses.

  • If the result is rounded to zero, withdrawals will fail for small amounts.

  • If the result is too high, it could drain the contract’s rCRVUSD balance.

Tools Used

Manual review

Recommendations

  • Update the formula to:

    uint256 scalingFactor = 10**(18 + deTokenDecimals - rTokenDecimals);
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Incorrect scaling factor formula in StabilityPool::calculateRcrvUSDAmount function

Both tokens have 18 decimals. Info

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!