Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Valid

`rescueToken` in `RToken` is never called by the reserve pool

Summary

The RToken::rescueToken function is designed to allow the reservePool to rescue tokens from the RToken contract. However, the reservePool/Liquidity Pool never calls this function, rendering it ineffective. This creates a potential issue where tokens accidentally sent to the RToken contract cannot be recovered.

Vulnerability Details

The rescueToken function is restricted to the reservePool via the onlyReservePool modifier. However, the reservePool (or LiquidityPool) does not implement any functionality to call this function. As a result, if tokens (other than the main asset) are accidentally sent to the RToken contract, there is no mechanism to recover them.
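A review check for this class of issue, as an added example that is not part of the original submission or the audited code base: it lists functions gated by a single-caller modifier and flags those the permitted caller never invokes. The Solidity sources are constructed and simplified; only `rescueToken`, `onlyReservePool` and the forwarder come from the finding, while `mint`, `burn`, `deposit`, `withdraw` and the `IRToken` cast are assumptions.

```python
import re

# Constructed, simplified sources: only rescueToken, onlyReservePool and the
# forwarder come from the finding; mint/burn/deposit/withdraw are assumptions.
RTOKEN_SRC = """
contract RToken {
    function mint(address to, uint256 amt) external onlyReservePool returns (bool) {}
    function burn(address from, uint256 amt) external onlyReservePool {}
    // rescueToken is gated to the pool as well
    function rescueToken(address token, address to, uint256 amt) external onlyReservePool {}
    function balanceOf(address who) public view returns (uint256) {}
}
"""
POOL_FUNCS = """
    function deposit(uint256 amt) external { IRToken(rToken).mint(msg.sender, amt); }
    function withdraw(uint256 amt) external { IRToken(rToken).burn(msg.sender, amt); }
"""
FORWARDER = """
    function rescueTokenFromRToken(address token, address to, uint256 amt) external onlyOwner {
        IRToken(rToken).rescueToken(token, to, amt);
    }
"""
POOL_SRC = "contract LiquidityPool {" + POOL_FUNCS + "}"
POOL_FIXED_SRC = "contract LiquidityPool {" + POOL_FUNCS + FORWARDER + "}"

FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)[{;]")

def strip_comments(src):
    """Drop /* */ and // comments so commented-out calls do not count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def gated_functions(src, modifier):
    """Names of functions whose header lists `modifier`."""
    word = re.compile(rf"\b{re.escape(modifier)}\b")
    return [name for name, attrs in FUNC_RE.findall(strip_comments(src))
            if word.search(attrs)]

def called_members(src):
    """Names used in member-call position: `<expr>.name(`."""
    return set(re.findall(r"\.\s*(\w+)\s*\(", strip_comments(src)))

def unreachable_gated(target_src, caller_src, modifier):
    """Gated functions in target that the only permitted caller never invokes."""
    calls = called_members(caller_src)
    return [f for f in gated_functions(target_src, modifier) if f not in calls]

if __name__ == "__main__":
    print("before:", unreachable_gated(RTOKEN_SRC, POOL_SRC, "onlyReservePool"))
    print("after: ", unreachable_gated(RTOKEN_SRC, POOL_FIXED_SRC, "onlyReservePool"))
```

The matching is regex-based and name-only, so it is a triage heuristic for manual review rather than a substitute for a call-graph tool.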

Impact

The inability to call the rescueToken function can lead to tokens being permanently stuck in the RToken contract. This could result in financial losses for users or the protocol, especially if significant amounts of tokens are accidentally transferred to the contract.

Tools Used

Manual review

Recommendations

To address this issue, add a function in the LiquidityPool contract that calls the rescueToken function in the RToken contract. This ensures that the reservePool has the ability to recover tokens when necessary.

For example, implement the following function in the LiquidityPool contract:

```solidity
// IRToken is assumed to be the RToken interface that exposes rescueToken.
function rescueTokenFromRToken(address rTokenAddress, address tokenAddress, address recipient, uint256 amount) external onlyOwner {
    if (rTokenAddress == address(0)) revert InvalidAddress();
    if (tokenAddress == address(0)) revert InvalidAddress();
    if (recipient == address(0)) revert InvalidAddress();
    // A plain address has no rescueToken member, so cast it before the call.
    IRToken(rTokenAddress).rescueToken(tokenAddress, recipient, amount);
}
```
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

RToken::rescueToken() can never be called
