Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Wrong usdc transfer amount for redeem function

Vulnerability Details

The redeem function allows a user to redeem USDC when the MATURITY_DATE has passed:

    function redeem(uint amount) external nonReentrant {
        if (!isRedeemable()) {
            revert BondNotRedeemable();
        }
        if (amount == 0) {
            revert ZeroAmount();
        }
        uint256 totalAmount = balanceOf(msg.sender);
        if (amount > totalAmount) {
            revert InsufficientBalance();
        }
        totalZENORedeemed += amount;
        _burn(msg.sender, amount);
        USDC.safeTransfer(msg.sender, amount); // convert amount to 6 decimals
    }

The issue arises because the ZENO token and USDC have different decimals, 18 and 6 respectively. When the redeem function burns amount of ZENO tokens, it has to convert that amount to USDC's 6 decimals before transferring the USDC to msg.sender.

The same issue exists in the redeemAll function, and the same fix works for both.

Impact

The user receives more USDC than intended because ZENO has 18 decimals.

Tools Used

Manual

Recommendations

Convert the amount from ZENO's 18 decimals to USDC's 6 decimals before transferring USDC to msg.sender.
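
One way to implement the recommended conversion, as an added example that is not the project's own code. It assumes the 1:1 ZENO-to-USDC redemption implied by the reported function; the names ZenoRedeemMath, toUsdc, DustAmount and RedeemMathPreview are hypothetical, and rounding down while rejecting sub-unit amounts is a design choice of this example, not something the report specifies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: decimal scaling for a 1:1 ZENO -> USDC redemption.
/// All names in this file are hypothetical, not taken from the audited code.
library ZenoRedeemMath {
    // ZENO has 18 decimals, USDC has 6: 10^(18 - 6) ZENO base units
    // correspond to one USDC base unit.
    uint256 internal constant SCALE = 1e12;

    error DustAmount(uint256 zenoAmount);

    /// @param zenoAmount amount requested, in 18-decimal ZENO base units
    /// @return usdcOut  USDC base units (6 decimals) to transfer
    /// @return zenoBurn ZENO base units to burn, always a multiple of SCALE
    function toUsdc(uint256 zenoAmount)
        internal
        pure
        returns (uint256 usdcOut, uint256 zenoBurn)
    {
        // Integer division rounds down, so the contract never pays out
        // more USDC than the burned ZENO covers.
        usdcOut = zenoAmount / SCALE;

        // Below 1e12 base units the payout would be zero; revert rather
        // than burn tokens for nothing.
        if (usdcOut == 0) revert DustAmount(zenoAmount);

        // Burn only what was paid for; any remainder below one USDC
        // base unit stays with the holder.
        zenoBurn = usdcOut * SCALE;
    }
}

/// Thin wrapper so the conversion can be called and inspected directly.
contract RedeemMathPreview {
    function preview(uint256 zenoAmount)
        external
        pure
        returns (uint256 usdcOut, uint256 zenoBurn)
    {
        return ZenoRedeemMath.toUsdc(zenoAmount);
    }
}
```

In a redeem function shaped like the reported one, zenoBurn would replace amount in the burn and accounting lines and usdcOut would replace it in the transfer.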

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Decimal precision mismatch between ZENO token (18 decimals) and USDC (6 decimals) not accounted for in redemption, causing calculation errors and incorrect payments
