Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

User could deposit and get minted 0 shares in return

0xisboss

Overview

The protocol allows users to deposit tokens to the protocol and mint shares to the users in return. users are allowed to deposit tokens and mints RToken shares in return:

// Mint RToken to the depositor (scaling handled inside RToken)
(bool isFirstMint, uint256 amountScaled, uint256 newTotalSupply, uint256 amountUnderlying) = IRToken(reserve.reserveRTokenAddress).mint(
address(this), // caller
depositor, // onBehalfOf
amount, // amount
reserve.liquidityIndex // index
);

Similarly, when minting DebtTokens for borrowed amounts:

// Mint DebtTokens to the user (scaled amount)
(bool isFirstMint, uint256 amountMinted, uint256 newTotalSupply) = IDebtToken(reserve.reserveDebtTokenAddress).mint(msg.sender, msg.sender, amount, reserve.usageIndex);
// Transfer borrowed amount to

If the minted amount is 0, the user effectively loses their deposit without getting any shares.
currently there is no way users can protect themselves from slippage issues, which means users have to deposit and trust that the protocol will mint the right shares.
Additionally when carrying out the minting operation the protocol never reverts shares to be minted are 0

Impact

Loss of funds

Recommendation

Add a slippage protection mechanism

Allow users to specify a minimum shares expected, and revert if they receive less.
Enforce a minimum share check

If after minting the amount minted is 0, the function should revert.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.