Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

calculateDustAmount has wrong Logic

Summary

calculateDustAmount is used to calculate the dust amount in the contract. However, the logic used for the computation is wrong.

Vulnerability Details

The calculateDustAmount() function contains two scaling errors:

  1. The contract's actual token balance is incorrectly scaled down:

    uint256 contractBalance = IERC20(_assetAddress).balanceOf(address(this))
        .rayDiv(ILendingPool(_reservePool).getNormalizedIncome());

This operation wrongly divides the actual token balance by the normalized income, when the balance represents the real amount and should not be scaled.

  2. The total supply is scaled twice:

    uint256 totalRealBalance = currentTotalSupply
        .rayMul(ILendingPool(_reservePool).getNormalizedIncome());

currentTotalSupply is obtained from totalSupply(), which already includes scaling by normalized income, so this results in double-scaling the value.

Impact

Since it is scaling up the totalSupply and scaling down contractBalance, this incorrect logic will lead to the owner withdrawing an amount that is not dust as dust, which will affect user withdrawals and borrowing.

Tools Used

Manual

Recommendations

Implement the correct logic:

    function calculateDustAmount() public view returns (uint256) {
        // Actual underlying balance held by the contract; not scaled.
        uint256 contractBalance = IERC20(_assetAddress).balanceOf(address(this));
        // totalSupply() already includes scaling by normalized income.
        uint256 currentTotalSupply = totalSupply();
        return contractBalance <= currentTotalSupply ? 0 : contractBalance - currentTotalSupply;
    }

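
The effect of the two scaling steps can be checked numerically. The following Python model is an added example, not code from the submission or from the audited contracts. It assumes Aave-style 27-decimal ray math with half-up rounding for rayMul/rayDiv, assumes the flawed function ends with the same comparison as the recommended one, and uses constructed sample amounts.

```python
# Added illustration: integer model of the ray math discussed above.
RAY = 10**27  # assumption: 27-decimal fixed point, Aave-style WadRayMath

def ray_mul(a: int, b: int) -> int:
    """a * b / RAY, rounded half up."""
    return (a * b + RAY // 2) // RAY

def ray_div(a: int, b: int) -> int:
    """a * RAY / b, rounded half up."""
    return (a * RAY + b // 2) // b

def total_supply(scaled_supply: int, index: int) -> int:
    """Model of totalSupply(): scaled supply already multiplied by the index."""
    return ray_mul(scaled_supply, index)

def dust_reported(balance: int, scaled_supply: int, index: int) -> int:
    """Logic described in the finding: balance scaled down, supply scaled twice."""
    contract_balance = ray_div(balance, index)
    total_real_balance = ray_mul(total_supply(scaled_supply, index), index)
    # Assumption: final comparison has the same shape as the recommended version.
    return max(contract_balance - total_real_balance, 0)

def dust_recommended(balance: int, scaled_supply: int, index: int) -> int:
    """Recommended logic: compare the raw balance with totalSupply()."""
    return max(balance - total_supply(scaled_supply, index), 0)

# Constructed sample values (18-decimal token amounts), not taken from the contract.
UNIT = 10**18
INDEX = 11 * RAY // 10          # normalized income of 1.1
SCALED_SUPPLY = 1_000 * UNIT    # scaled supply; totalSupply() == 1,100 tokens
BALANCE = 1_150 * UNIT          # underlying tokens actually held

def compare(index: int = INDEX) -> tuple[int, int]:
    """Return (dust from flawed logic, dust from recommended logic)."""
    return (dust_reported(BALANCE, SCALED_SUPPLY, index),
            dust_recommended(BALANCE, SCALED_SUPPLY, index))

if __name__ == "__main__":
    for idx in (RAY, INDEX):
        reported, recommended = compare(idx)
        print(f"index={idx / RAY:.2f} reported={reported / UNIT:.2f} "
              f"recommended={recommended / UNIT:.2f}")
```

At a normalized income of 1.0 both calculations agree; at 1.1 the flawed logic reports 0 while the recommended calculation reports 50 tokens, the under-reporting named in the judging tag.
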
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::calculateDustAmount incorrectly applies liquidity index, severely under-reporting dust amounts and permanently trapping crvUSD in contract
