Wrong return parameters in the mint function.
Summary
The RToken::mint function incorrectly returns parameters, causing a mismatch in the variables when deconstructing the return values in ReserveLibrary::deposit.
Vulnerability Details
The execution flow follows:
LendingPool::deposit => ReserveLibrary::deposit => IRToken(reserve.reserveRTokenAddress).mint
The mint function of RToken returns the following values:
However, in the ReserveLibrary::deposit function, these returned values are deconstructed as:
The Issue
There is a mismatch between the expected and actual return values:
The 2nd and 4th variables are interchanged.
The
amountScaled(expected as the 2nd return) is actuallyamountToMint, which is in asset tokens instead of scaled RTokens.
Impact
This discrepancy leads to:
Incorrect minted token amount shown to the user.
Events emitting incorrect minted amounts, leading to confusion and potential accounting errors.
Tools Used
Manual code review.
Recommendations
Ensure the correct order of returned values from the RToken::mint function to align with the deconstruction in ReserveLibrary::deposit. Specifically:
Swap the 2nd and 4th return values to match the expected order.
Lead Judging Commences
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
RToken::mint doesn't return data in the right order, making the protocol emit wrong events
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.