Submission Details
Severity:
Wrong event emitted in `DebtToken::burn`
Summary
The debtToken::burn function emits a Burn event that, according to its natspec documentation, should contain "the amount burned (in underlying asset units)". However, the implementation emits the scaled amount instead of the underlying amount.
Vulnerability Details
function burn(
address from,
uint256 amount,
uint256 index
) external override onlyReservePool returns (uint256, uint256, uint256, uint256) {
...omitted code
_burn(from, amount.toUint128());
@> emit Burn(from, amountScaled, index);
return (amount, totalSupply(), amountScaled, balanceIncrease);
}
Impact
Off-chain systems and front-end monitoring these events will receive and process incorrect amount values, leading to inaccurate accounting or display of burned amounts.
Tools Used
Manual review
Recommendations
Modify the event emission to use the underlying amount value as documented.
function burn(
address from,
uint256 amount,
uint256 index
) external override onlyReservePool returns (uint256, uint256, uint256, uint256) {
...omitted code
_burn(from, amount.toUint128());
- emit Burn(from, amountScaled, index);
+ emit Burn(from, amount, index);
return (amount, totalSupply(), amountScaled, balanceIncrease);
}
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
DebtToken::burn emits Burn event with scaled amount instead of raw amount, contradicting documentation and causing incorrect off-chain data
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
DebtToken::burn emits Burn event with scaled amount instead of raw amount, contradicting documentation and causing incorrect off-chain data
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.