Summary

The RToken contract fails to emit critical events for balance changes during mint, burn, and transfer operations, causing external systems relying on these events to have incorrect accounting.

Vulnerability Details

The RToken contract implements interest-bearing token functionality similar to Aave's AToken, where token balances increase over time based on a liquidity index. However, the contract fails to emit events for balance increases due to index changes during key operations:

1. In RToken::mint():

1. Similar issues exist in burn() and transfer() functions where balance changes from index updates are not emitted.

The root cause is that the contract only emits events for the direct token operation amounts, but fails to account for the additional balance changes that occur due to liquidity index updates.

Impact

• External systems monitoring events for accounting purposes will have incorrect token balances

• Analytics platforms tracking token movements will show inaccurate data

• User interfaces may display wrong token amounts if they rely on event data

• Potential integration issues with protocols that depend on complete event data

Recommendations

Implement event emission for balance change functions just like Aave does with their AToken implementation.