Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Incorrect Interest Accrual in RToken Minting Process

Summary

The RToken mint() function in the LendingPool contract incorrectly handles interest accrual during token minting. When users deposit assets, the contract mints RTokens without properly accounting for the current interest index, leading to incorrect token distribution and potential economic vulnerabilities.

Vulnerability Details

The issue occurs in the RToken mint() function:

function mint(
    address caller,
    address onBehalfOf,
    uint256 amountToMint,
    uint256 index
) external override onlyReservePool returns (bool, uint256, uint256, uint256) {
    // ...
    uint256 amountScaled = amountToMint.rayDiv(index);
    if (amountScaled == 0) revert InvalidAmount();
    uint256 scaledBalance = balanceOf(onBehalfOf);
    bool isFirstMint = scaledBalance == 0;
    uint256 balanceIncrease = 0;
    if (_userState[onBehalfOf].index != 0 && _userState[onBehalfOf].index < index) {
        balanceIncrease = scaledBalance.rayMul(index) - scaledBalance.rayMul(_userState[onBehalfOf].index);
    }
    _userState[onBehalfOf].index = index.toUint128();
    _mint(onBehalfOf, amountToMint.toUint128()); // @audit Uses raw amount instead of scaled
    // ...
}

The function correctly calculates the scaled amount but then incorrectly uses the raw amountToMint value when minting tokens. This leads to two issues:

  1. Incorrect Initial Minting: When a user deposits with an index > 1, they receive more RTokens than they should.

Initial State:

  • Index = 1.5

  • User deposits 100 crvUSD

  • Should receive: 100/1.5 = 66.67 rTokens

  • Actually receives: 100 rTokens

  2. Incorrect Interest Accrual: For users with existing deposits, the interest accrual calculation is present but ineffective since the new tokens are minted at face value.

Scenario:

  1. Index = 1.1, User deposits 100 crvUSD

    • Should receive: 90.90 rTokens (100/1.1)

    • Actually receives: 100 rTokens

  2. Index increases to 1.2, User deposits another 100 crvUSD

    • Should receive: 83.33 rTokens (100/1.2)

    • Actually receives: 100 rTokens

    • Missing interest accrual on first deposit
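
The scenario above, replayed as an added JavaScript model (not code from the submission or from the RAAC contracts). It assumes `_mint` stores its argument unchanged as the scaled balance, that a holder's claim is `rayMul(stored, index)`, and half-up ray rounding; `replay` and `depositsAreFair` are hypothetical names.

```javascript
// Added model, not the RAAC contract code. Assumptions: _mint stores its
// argument unchanged as the scaled balance, and a holder's claim on the
// underlying is rayMul(stored, index).
const RAY = 10n ** 27n;
const WAD = 10n ** 18n;

// Half-up fixed-point helpers in the style of common ray-math libraries (assumed).
const rayMul = (a, b) => (a * b + RAY / 2n) / RAY;
const rayDiv = (a, b) => (a * RAY + b / 2n) / b;

// Replays a sequence of deposits; for each one, records what was minted and
// how much the holder's claim on the underlying grew because of it.
function replay(deposits, mintScaled) {
  let stored = 0n;
  const steps = [];
  for (const { amount, index } of deposits) {
    const claimBefore = rayMul(stored, index); // existing balance at current index
    const amountScaled = rayDiv(amount, index);
    if (amountScaled === 0n) throw new Error("InvalidAmount");
    const minted = mintScaled ? amountScaled : amount; // scaled vs. reported behaviour
    stored += minted;
    steps.push({ minted, claimGain: rayMul(stored, index) - claimBefore });
  }
  return { stored, steps };
}

// Invariant a deposit must satisfy: the claim grows by exactly the deposit,
// within one unit of rounding.
function depositsAreFair(result, deposits) {
  return result.steps.every((step, i) => {
    const diff = step.claimGain - deposits[i].amount;
    return diff >= -1n && diff <= 1n;
  });
}

// Constructed input: the page's scenario (100 crvUSD at index 1.1, then at 1.2).
const DEPOSITS = [
  { amount: 100n * WAD, index: (11n * RAY) / 10n },
  { amount: 100n * WAD, index: (12n * RAY) / 10n },
];
const buggy = replay(DEPOSITS, false);
const fixed = replay(DEPOSITS, true);
console.log("raw mint fair:", depositsAreFair(buggy, DEPOSITS));
console.log("scaled mint fair:", depositsAreFair(fixed, DEPOSITS));
```

The same invariant can be asserted in a Hardhat test after each deposit to catch a mint that is not divided by the index.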

Impact

  1. Users receive more RTokens than they should based on the current interest index

  2. Interest accrual mechanism is effectively broken

Tools Used

Manual review

Recommendations

  1. The mint function should be modified to use the scaled amount when minting tokens and include the balance increase to account for any interest accrued.

// Mint the scaled amount plus any accrued interest
+ _mint(onBehalfOf, (amountScaled + balanceIncrease).toUint128());
- _mint(onBehalfOf, amountToMint.toUint128());
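Review bot: on the `+` line, `balanceIncrease` is added to `amountScaled`, but in the function quoted earlier the two are in different units: `amountScaled` is `amountToMint.rayDiv(index)`, while `balanceIncrease` is a difference of `scaledBalance.rayMul(...)` terms, so it is already multiplied by the index. Summing them mints the accrued amount at face value, which is the same kind of over-mint this finding reports, and the judge's comment on this submission also states that `balanceIncrease` is not something to mint in `_mint`. Suggest minting `amountScaled.toUint128()` alone, and listing the `-` line before the `+` line so the change reads in the usual order.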
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::mint should mint the amountScaled not the amountToMint

RToken::mint calculates balanceIncrease (interest accrued since last interaction) but never mints it, causing users to lose earned interest between deposits

The balanceIncrease is the interest that has already accrued on the user's existing scaledBalance since their last interaction. It's not something you mint as new tokens in the _mint function.
