Wrong formula used in `RToken::Burn` while calculating the scaled amount.
Summary
The RToken::burn function is responsible for burning RTokens. However, it incorrectly calculates the RToken burn amount, leading to potential accounting errors.
Vulnerability Details
The RToken::burn function receives the burn amount in underlying asset units. This amount needs to be converted to RTokens to ensure accurate accounting for pool interest.
The Issue
The current implementation converts the underlying amount to scaled RTokens using:
This approach is incorrect because multiplying by the liquidity index (index) results in an inflated scaled amount.
Correct Approach
To properly convert an underlying asset amount to scaled RTokens, the correct operation is to divide the amount by the index:
This ensures that the scaling accurately reflects the proportionate share in the pool.
Impact
Incorrect accounting of RTokens, leading to inaccurate balances.
Potential loss of interest for lenders as the pool's accounting becomes inconsistent.
Tools Used
Manual code review.
Recommendations
Use rayDiv instead of rayMul to correctly convert the asset amount to scaled RTokens:
Alternatively, use mulDiv for precision arithmetic when handling complex scaling operations.
Lead Judging Commences
RToken::burn incorrectly calculates amountScaled using rayMul instead of rayDiv, causing incorrect token burn amounts and breaking the interest accrual mechanism
RToken::burn incorrectly calculates amountScaled using rayMul instead of rayDiv, causing incorrect token burn amounts and breaking the interest accrual mechanism
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.