Submission Details
Severity:
Incorrect scaling done in rtoken while minting
Summary
Incorrect scaling is done in rtoken contract while minting new tokens.
Vulnerability Details
Following is mint function in Rtoken contract
function mint(
address caller,
address onBehalfOf,
uint256 amountToMint,
uint256 index
) external override onlyReservePool returns (bool, uint256, uint256, uint256) {
if (amountToMint == 0) {
return (false, 0, 0, 0);
}
uint256 amountScaled = amountToMint.rayDiv(index);
if (amountScaled == 0) revert InvalidAmount();
uint256 scaledBalance = balanceOf(onBehalfOf);
bool isFirstMint = scaledBalance == 0;
uint256 balanceIncrease = 0;
if (_userState[onBehalfOf].index != 0 && _userState[onBehalfOf].index < index) {
balanceIncrease = scaledBalance.rayMul(index) - scaledBalance.rayMul(_userState[onBehalfOf].index);
}
_userState[onBehalfOf].index = index.toUint128();
_mint(onBehalfOf, amountToMint.toUint128());
emit Mint(caller, onBehalfOf, amountToMint, index);
return (isFirstMint, amountToMint, totalSupply(), amountScaled);
}
Now instead of minting amountScaled tokens to the depositor whole amount i.e unscaled amount is minted which is incorrect.Due to this when we check the balanceOf(onBehalfOf) it will multiply the unscaled amount with the liquidity index. Therefore increasing the balance of the user many times larger than intended.
Impact
Wrong amount of tokens minted to the user
Tools Used
Manual Review
Recommendations
Mint tokens equal to amount scaled to the user instead of the whole amount to mint.
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
RToken::mint should mint the amountScaled not the amountToMint
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
RToken::mint should mint the amountScaled not the amountToMint
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.