Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

`Zeno::redeem` function does not redeem the bidder's full USDC amount at maturity date

Summary

Zeno tokens are bought via auction, where early buyers pay a higher amount than those who buy late, in the hope of getting the full USDC back later at redemption. But the redeem logic does not calculate this price and always redeems at 1:1 for zeno:usdc, resulting in a loss to all buyers.

Vulnerability Details

ZENO.sol#L46-L63

```solidity
    function redeem(uint amount) external nonReentrant {
        if (!isRedeemable()) {
            revert BondNotRedeemable();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }
@>      uint256 totalAmount = balanceOf(msg.sender);
        if (amount > totalAmount) {
            revert InsufficientBalance();
        }
        totalZENORedeemed += amount;
@>      _burn(msg.sender, amount);
@>      USDC.safeTransfer(msg.sender, amount);
    }
```

Notice in the code above that `amount` is checked against the user's balance and then burned, and that same `amount` is also sent to the redeemer. In fact these two tokens are not always 1:1, because bidders pay different prices when bidding for the zeno token. The two tokens also have different decimals.

Impact

Buying and then redeeming the zeno token would result in a loss even when the zeno token has already matured.

Tools Used

Manual review

Recommendations

Fix the redeeming logic so that it benefits those who buy early by considering the price at bidding, and also account for the decimals difference between the two tokens.
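The decimals half of this recommendation, as an added sketch that is not the project's contract or its actual fix. It assumes OpenZeppelin v5 import paths, ZENO at 18 decimals and USDC at 6, and that one whole ZENO pays one whole USDC at maturity; `ZenoRedeemSketch`, `DustAmount`, `ZENO_PER_USDC_UNIT` and the `maturityDate` model are hypothetical names, and the auction-price adjustment is left out because the page does not give the pricing formula.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Added sketch, not the audited contract. Assumed: ZENO = 18 decimals (ERC20 default),
// USDC = 6 decimals, 1 whole ZENO redeems for 1 whole USDC. Minting/auction omitted.
contract ZenoRedeemSketch is ERC20, ReentrancyGuard {
    using SafeERC20 for IERC20;

    error BondNotRedeemable();
    error ZeroAmount();
    error InsufficientBalance();
    error DustAmount(); // hypothetical: amount is not a whole number of USDC base units

    // 10^(18 - 6): ZENO base units per one USDC base unit
    uint256 public constant ZENO_PER_USDC_UNIT = 1e12;

    IERC20 public immutable USDC;
    uint256 public immutable maturityDate; // assumed maturity model
    uint256 public totalZENORedeemed;

    constructor(IERC20 usdc, uint256 maturity) ERC20("ZENO sketch", "ZENO") {
        USDC = usdc;
        maturityDate = maturity;
    }

    function isRedeemable() public view returns (bool) {
        return block.timestamp >= maturityDate;
    }

    function redeem(uint256 amount) external nonReentrant {
        if (!isRedeemable()) revert BondNotRedeemable();
        if (amount == 0) revert ZeroAmount();
        if (amount > balanceOf(msg.sender)) revert InsufficientBalance();
        // Refuse amounts whose USDC value would be truncated or round to zero,
        // so no ZENO is burned without a matching payout.
        if (amount % ZENO_PER_USDC_UNIT != 0) revert DustAmount();

        uint256 payout = amount / ZENO_PER_USDC_UNIT; // USDC base units
        totalZENORedeemed += amount;
        _burn(msg.sender, amount);
        USDC.safeTransfer(msg.sender, payout);
    }
}
```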

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

Decimal precision mismatch between ZENO token (18 decimals) and USDC (6 decimals) not accounted for in redemption, causing calculation errors and incorrect payments
