Submission Details
Severity:
`RToken.transferFrom()` transfers incorrect amount
Summary
The RToken.transferFrom() function calculates the amount to be trasfered incorrectly.
Vulnerability Details
The RToken.transferFrom() function calculates scaledAmount as amount / reserve.liquidityIndex.
function transferFrom(address sender, address recipient, uint256 amount) public override(ERC20, IERC20) returns (bool) {
@> uint256 scaledAmount = amount.rayDiv(_liquidityIndex);
return super.transferFrom(sender, recipient, scaledAmount);
}
Then, scaledAmount is scaled again in the _update() function. As result, the real transfered amount is amount / (reserve.liquidityIndex ^ 2) which is less than correct value.
function _update(address from, address to, uint256 amount) internal override {
// Scale amount by normalized income for all operations (mint, burn, transfer)
@> uint256 scaledAmount = amount.rayDiv(ILendingPool(_reservePool).getNormalizedIncome());
super._update(from, to, scaledAmount);
}
Impact
Users receive less tokens than real amount to be transfered.
Tools Used
Manual Review
Recommendations
Remove the process of scaling amount in transferFrom().
function transferFrom(address sender, address recipient, uint256 amount) public override(ERC20, IERC20) returns (bool) {
- uint256 scaledAmount = amount.rayDiv(_liquidityIndex);
return super.transferFrom(sender, recipient, scaledAmount);
}
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
RToken::transfer and transferFrom double-scale amounts by dividing in both external functions and _update, causing users to transfer significantly less than intended
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
RToken::transfer and transferFrom double-scale amounts by dividing in both external functions and _update, causing users to transfer significantly less than intended
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.