Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Incorrect Return Values in `RToken::burn` Lead to Wrong Rate Calculations

1. Summary

The RToken::burn function returns the same amount twice instead of providing the actual scaled amount. Specifically, it returns:

    return (amount, totalSupply(), amount);

where the third value is expected to be the interest-adjusted (scaled) amount. As a result, downstream components, particularly the ReserveLibrary, use incorrect data to update liquidity and recalculate interest rates, distorting the protocol's entire interest model.

2. Technical Details

  1. Current Implementation

    function burn(
        address from,
        address receiverOfUnderlying,
        uint256 amount,
        uint256 index
    ) external override onlyReservePool returns (uint256, uint256, uint256) {
        ...
        uint256 amountScaled = amount.rayMul(index);
        ...
        // Returns 'amount' in both first and third positions
        return (amount, totalSupply(), amount);
    }

    • The code calculates amountScaled but never returns it.

  2. Expected Behavior

    • The protocol calls burn() expecting a tuple:
      (uint256 burnedScaledAmount, uint256 newTotalSupply, uint256 amountUnderlying)

    • That last value (“amountUnderlying” in the calling code) is used to update interest rates and liquidity.

  3. Effect on Rate Updates

    • In ReserveLibrary::withdraw, we see something like:

      (uint256 burnedScaledAmount, uint256 newTotalSupply, uint256 amountUnderlying)
          = IRToken(...).burn(...);
      // 'amountUnderlying' goes into updateInterestRatesAndLiquidity(...)
      updateInterestRatesAndLiquidity(reserve, rateData, 0, amountUnderlying);

    • Because burn() returns the unscaled amount instead of amountScaled, the wrong value is subtracted from reserve.totalLiquidity.

    • Result: The protocol miscomputes utilization, leading to erroneous interest rates for future borrowers and lenders.
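
The accounting path described above, as an added BigInt model (not the protocol's code) that shows why a test run at a fresh index of 1 ray cannot tell the two return variants apart. It assumes Aave-style half-up `rayMul`, that the caller subtracts the third return value from `totalLiquidity`, and an assumed utilization formula; `burnReturn`, `withdraw`, `utilization` and `liquidityDrift` are hypothetical names and the reserve state is constructed.

```javascript
// Added model, not the protocol's code. Assumptions: RAY = 1e27, rayMul rounds
// half-up (Aave-style WadRayMath), and the caller subtracts slot 3 of burn()'s
// return tuple from totalLiquidity. All function names here are hypothetical.
const RAY = 10n ** 27n;
const HALF_RAY = RAY / 2n;

function rayMul(a, b) {
  return (a * b + HALF_RAY) / RAY;
}

// burn() return tuple; `fixed` selects which value is placed in slot 3.
function burnReturn(amount, index, totalSupplyAfter, fixed) {
  const amountScaled = rayMul(amount, index);
  return [amount, totalSupplyAfter, fixed ? amountScaled : amount];
}

// Withdraw path: slot 3 is what gets removed from reserve.totalLiquidity.
function withdraw(reserve, amount, index, fixed) {
  const [, , third] = burnReturn(amount, index, 0n, fixed);
  return { ...reserve, totalLiquidity: reserve.totalLiquidity - third };
}

// Assumed utilization formula, in ray: usage / (liquidity + usage).
function utilization(reserve) {
  const denom = reserve.totalLiquidity + reserve.totalUsage;
  return denom === 0n ? 0n : (reserve.totalUsage * RAY) / denom;
}

// How far totalLiquidity differs between the two return variants.
function liquidityDrift(reserve, amount, index) {
  const original = withdraw(reserve, amount, index, false).totalLiquidity;
  const patched = withdraw(reserve, amount, index, true).totalLiquidity;
  return original - patched;
}

// Constructed sample state, 18-decimal units.
const UNIT = 10n ** 18n;
const reserve = { totalLiquidity: 1000n * UNIT, totalUsage: 500n * UNIT };
const amount = 100n * UNIT;
const accruedIndex = (RAY * 11n) / 10n; // 1.1 ray

// At a fresh index (1 ray) both variants agree, so such a test passes either way.
console.log("drift @ 1.0 ray:", liquidityDrift(reserve, amount, RAY));
// Once the index has accrued, the two variants diverge by amount * (index - 1).
console.log("drift @ 1.1 ray:", liquidityDrift(reserve, amount, accruedIndex));
console.log("utilization, original:", utilization(withdraw(reserve, amount, accruedIndex, false)));
console.log("utilization, patched: ", utilization(withdraw(reserve, amount, accruedIndex, true)));
```

A regression test for this return value therefore needs an index strictly above 1 ray, otherwise it passes against both versions of the line.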

3. Impact

  • Incorrect Interest Rate Calculations: Under- or overestimating the withdrawn liquidity causes misaligned utilization, directly skewing the borrow and deposit rates.

  • Systemic Imbalances: Over time, these small inaccuracies can accumulate, leading to significant mispricing of loans and deposits.

4. Recommended Fix

Return the scaled amount in the third position so the protocol correctly tracks actual underlying outflows:

- return (amount, totalSupply(), amount);
+ return (amount, totalSupply(), amountScaled);
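
Review bot: the third slot now carries `amountScaled`, yet the caller excerpt in this report unpacks that slot as `amountUnderlying` and the first slot as `burnedScaledAmount`, and the first slot still returns plain `amount`. Please confirm that each tuple position carries the unit its caller-side name implies, document the three return values with NatSpec on `burn`, and add a test that burns at an index above 1 ray, since at an index of exactly 1 ray `amount.rayMul(index)` equals `amount` and the old and new lines return the same values.
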
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::burn returns incorrect underlying asset amount (amount instead of amountScaled), leading to wrong interest rate calculations