Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

The amount of minted RToken is always equal to the deposited crvUSD in the `RToken::mint` function

pianist

Summary

The contract mints RToken at a 1:1 ratio with crvUSD deposits, which is incorrect.

Vulnerability Details

Here's how the process of minting the incorrect amount of RToken works:

A user calls the LendingPool::deposit function, providing the amount variable as input, which represents the amount of crvUSD the user intends to deposit.
In the ReserveLibrary.deposit function, the specified amount of crvUSD is transferred from the user to the contract.
Next, the RToken::mint function is executed, with amount being one of the inputs.
Inside the mint function, the amount is referred to as amountToMint, which can be quite misleading.
At line 136, the amountToMint of RToken is minted for the user without considering index and balanceIncrease.

Impact

This issue can lead to users losing their funds.

Tools Used

Manual review

Recommendations

To account for index and balanceIncrease when calculating the amount of RToken to be minted, amountScaled should be computed as follows:

uint256 amountScaled = (amountToMint + balanceIncrease).rayDiv(index);

Now amountScaled should be minted instead of amountToMint.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RToken::mint should mint the amountScaled not the amountToMint

RToken::mint calculates balanceIncrease (interest accrued since last interaction) but never mints it, causing users to lose earned interest between deposits

The balanceIncrease is the interest that has already accrued on the user's existing scaledBalance since their last interaction. It's not something you mint as new tokens in the _mint function.

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

RToken::mint should mint the amountScaled not the amountToMint

RToken::mint calculates balanceIncrease (interest accrued since last interaction) but never mints it, causing users to lose earned interest between deposits

The balanceIncrease is the interest that has already accrued on the user's existing scaledBalance since their last interaction. It's not something you mint as new tokens in the _mint function.

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!