Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Incorrect Handling of amount Values Without Ray Conversion in LendingPool

Summary

The protocol lacks proper conversion of amount values to ray in multiple functions, leading to incorrect calculations and rounding errors. This issue is particularly evident in the RToken contract, where balanceOf returns a value in ray but does not account for the token's decimals (18). This discrepancy can cause financial losses for the protocol and unfair outcomes for users.

Vulnerability Details

Example:

    function decimals() public view virtual override(ERC20, IRToken) returns (uint8) {
        return super.decimals(); // -> 18
    }

    function balanceOf(address account) public view override(ERC20, IERC20) returns (uint256) {
        uint256 scaledBalance = super.balanceOf(account);
        // using rayMul(ray, ray) with WAD and RAY (getNormalizedIncome returns liquidityIndex which is a ray)
        return scaledBalance.rayMul(ILendingPool(_reservePool).getNormalizedIncome());
    }

Impact

Financial Loss for the Protocol:

Incorrect calculations can lead to reduced revenue or increased costs for the protocol. For example, if amount is rounded down to zero, the protocol may fail to process repayments or burn tokens correctly.

Tools Used

Manual code review.

Recommendations

  1. Rework all Lending Pool functions that take an amount value as input.

  2. Maybe add some helper functions in WadRayMath.sol, for example wadMulRay(uint wad, uint ray) -> uint ray.
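
The unit arithmetic behind balanceOf and the rounding case named under Impact can be checked off-chain. This is an added example, not code from the submission or the RAAC repository. It assumes rayMul and rayDiv follow the Aave v3 WadRayMath definitions (half-up rounding); normalizedBalance, toScaled and all sample values are constructed for illustration.

```javascript
// Added illustration. Assumption: rayMul/rayDiv behave like Aave v3 WadRayMath.
const WAD = 10n ** 18n;      // one token at 18 decimals
const RAY = 10n ** 27n;      // fixed-point unit used for indexes
const HALF_RAY = RAY / 2n;

// rayMul divides one RAY factor back out: unit(a) * ray / RAY = unit(a).
function rayMul(a, b) {
  return (a * b + HALF_RAY) / RAY;
}

// rayDiv multiplies one RAY factor in before dividing by a ray value.
function rayDiv(a, b) {
  if (b === 0n) throw new RangeError("division by zero");
  return (a * RAY + b / 2n) / b;
}

// Hypothetical helper with the same shape as balanceOf on the page:
// scaled balance (18-decimal token units) times liquidity index (ray).
function normalizedBalance(scaledBalance, liquidityIndex) {
  return rayMul(scaledBalance, liquidityIndex);
}

// Hypothetical helper for the inverse direction: amount -> scaled amount.
function toScaled(amount, liquidityIndex) {
  return rayDiv(amount, liquidityIndex);
}

// Constructed sample values.
const index = (RAY * 105n) / 100n;   // liquidity index of 1.05
const scaled = 100n * WAD;           // 100 tokens held as scaled balance

// 100 tokens at index 1.05: the result is still an 18-decimal quantity.
console.log(normalizedBalance(scaled, index));   // 105000000000000000000n
// Round trip back to the scaled amount.
console.log(toScaled(105n * WAD, index));        // 100000000000000000000n
// Rounding edge: one base unit divided by an index above 2.0 rounds to zero,
// while an index of exactly 2.0 rounds half up to one.
console.log(toScaled(1n, 3n * RAY));             // 0n
console.log(toScaled(1n, 2n * RAY));             // 1n
```

Under these definitions rayDiv returns zero only when amount * RAY is smaller than half the index, which bounds the rounding loss to one base unit per operation.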

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
