Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

`RToken.updateLiquidityIndex()` is never called.

Summary

The RToken.updateLiquidityIndex() function is protected by the onlyReservePool modifier, allowing only the LendingPool contract to invoke it. However, the LendingPool lacks the necessary logic to call this function. Consequently, the _liquidityIndex, which represents the exchange rate between RToken and the underlying asset, cannot be updated and remains fixed at 1.

Vulnerability Details

The RToken.updateLiquidityIndex() function includes the onlyReservePool modifier, restricting its invocation to the LendingPool contract.

Unfortunately, the LendingPool does not implement any logic to call this function. As a result, the _liquidityIndex remains unchanged at its initial value of 1.

This index is crucial as it reflects the exchange rate between RToken and the underlying asset, making it essential for it to be updated regularly.

```solidity
function updateLiquidityIndex(uint256 newLiquidityIndex) external override onlyReservePool {
    if (newLiquidityIndex < _liquidityIndex) revert InvalidAmount();
    _liquidityIndex = newLiquidityIndex;
    emit LiquidityIndexUpdated(newLiquidityIndex);
}
```

Impact

The _liquidityIndex remains fixed at 1.

Tools Used

Manual review

Recommendations

Ensure that the LendingPool calls this function whenever the reserve state is updated.
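
A minimal model of this recommendation, added here as an illustration and not taken from the audited code base: the pool pushes its accrued index to the token inside its own state update, and `indexInSync()` is the invariant a test or monitor can assert. The contract names, `getLiquidityIndex`, `updateState`, `indexInSync`, `RATE_PER_SECOND` and the 1e27 fixed-point scale are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added model, not the audited code. Contract names, getLiquidityIndex, updateState,
// indexInSync, RATE_PER_SECOND and the 1e27 scale are assumptions for illustration.
contract RTokenModel {
    error InvalidAmount();
    error NotReservePool();
    event LiquidityIndexUpdated(uint256 newLiquidityIndex);

    address public immutable reservePool;
    uint256 private _liquidityIndex = 1e27; // "1" in the assumed fixed-point scale

    constructor(address pool) { reservePool = pool; }

    modifier onlyReservePool() {
        if (msg.sender != reservePool) revert NotReservePool();
        _;
    }

    function updateLiquidityIndex(uint256 newLiquidityIndex) external onlyReservePool {
        if (newLiquidityIndex < _liquidityIndex) revert InvalidAmount();
        _liquidityIndex = newLiquidityIndex;
        emit LiquidityIndexUpdated(newLiquidityIndex);
    }

    function getLiquidityIndex() external view returns (uint256) { return _liquidityIndex; }
}

contract LendingPoolModel {
    uint256 public constant RATE_PER_SECOND = 1e18; // hypothetical linear rate, 1e27 scale
    RTokenModel public immutable rToken;
    uint256 public liquidityIndex = 1e27;
    uint256 public lastUpdate;

    constructor() { rToken = new RTokenModel(address(this)); lastUpdate = block.timestamp; }

    // Accrue interest, then push the new index to the token in the same transaction.
    function updateState() external {
        liquidityIndex += liquidityIndex * RATE_PER_SECOND * (block.timestamp - lastUpdate) / 1e27;
        lastUpdate = block.timestamp;
        rToken.updateLiquidityIndex(liquidityIndex); // the call the finding reports as missing
    }

    // Invariant for tests and monitoring: token index equals pool index after every update.
    function indexInSync() external view returns (bool) {
        return rToken.getLiquidityIndex() == liquidityIndex;
    }
}
```

Removing the `rToken.updateLiquidityIndex(...)` line reproduces the reported state: once time passes and `updateState()` runs, `indexInSync()` returns false while the token's index stays at its initial value.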

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::updateLiquidityIndex() has onlyReservePool modifier but LendingPool never calls it, causing transferFrom() to use stale liquidity index values
