Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Users would be minted fewer/more deToken tokens than intended

kodyvim

users can deposit rToken and receive deToken

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/pools/StabilityPool/StabilityPool.sol#L176

function deposit(uint256 amount) external nonReentrant whenNotPaused validAmount(amount) {
_update();
@> rToken.safeTransferFrom(msg.sender, address(this), amount);
uint256 deCRVUSDAmount = calculateDeCRVUSDAmount(amount);
deToken.mint(msg.sender, deCRVUSDAmount);
userDeposits[msg.sender] += amount;
_mintRAACRewards();
emit Deposit(msg.sender, amount, deCRVUSDAmount);
}

The issue is that the function transfers rToken from the user before calculating calculateDeCRVUSDAmount, This would affect the supply of rToken before the amount to be minted is calculated.

Impact

Users would be mint fewer/more deToken depending on the exchangeRate calculation which on the current implementation is commented out.

Recommendation

function deposit(uint256 amount) external nonReentrant whenNotPaused validAmount(amount) {
_update();
- rToken.safeTransferFrom(msg.sender, address(this), amount);
uint256 deCRVUSDAmount = calculateDeCRVUSDAmount(amount);
+ rToken.safeTransferFrom(msg.sender, address(this), amount);
deToken.mint(msg.sender, deCRVUSDAmount);
userDeposits[msg.sender] += amount;
_mintRAACRewards();
emit Deposit(msg.sender, amount, deCRVUSDAmount);
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

kodyvim Submitter
7 months ago
inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!