Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Wrong calculation in `StabilityPool.sol::calculateRcrvUSDAmount`

tenderflower730

Relevant Github Link

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/StabilityPool/StabilityPool.sol#L202

Summary

Incorrect calculation in StabilityPool.sol::calculateRcrvUSDAmount

Vulnerability Details

function calculateRcrvUSDAmount(uint256 deCRVUSDAmount) public view returns (uint256) {
uint256 scalingFactor = 10**(18 + rTokenDecimals - deTokenDecimals);
return (deCRVUSDAmount * getExchangeRate()) / scalingFactor;
}

When rToken has more decimal than deToken, number of decimal of deToken should be increase to get the amount of rToken. However, the current implementation incorrectly adjusts the scaling factor, leading to erroneous calculations.

Impact

Users will receive a lesser amount of rToken than expected when calling StabilityPool.sol::withdraw to retrieve their tokens from the protocol.

Tools Used

Manual review

Recommendations

function calculateRcrvUSDAmount(uint256 deCRVUSDAmount) public view returns (uint256) {
uint256 scalingFactor = 10**(18 + rTokenDecimals - deTokenDecimals);
- return (deCRVUSDAmount * getExchangeRate()) / scalingFactor;
+ return (deCRVUSDAmount * scalingFactor) / getExchangeRate();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Incorrect scaling factor formula in StabilityPool::calculateRcrvUSDAmount function

Both tokens have 18 decimals. Info

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.