Core Contracts

Summary

The RToken contract’s mint function returns a tuple whose second and fourth values are reversed relative to the documented specification. While the NatSpec documentation indicates that the second value should be the scaled tokens minted and the fourth value should be the underlying tokens minted, the implementation returns these values in the opposite order.

Vulnerability Details

According to the NatSpec documentation, the mint function should return a tuple with the following order:

1. A boolean indicating if this is the first mint for the recipient.

2. The amount of scaled tokens minted.

3. The new total supply after minting.

4. The amount of underlying tokens minted.

However, the implementation returns the tuple as follows:

Here:

• amountToMint represents the underlying tokens minted.

• amountScaled represents the scaled tokens minted.

This ordering is the reverse of what the documentation describes. As a result, any external contracts or off-chain systems relying on the documented return order may misinterpret the mint results, potentially leading to miscalculations in debt tracking or interest accrual.

Impact

• Integration Issues:
  Systems that interact with this function based on the documented return order could process the returned values incorrectly, leading to errors in token accounting or interest computations.

• User Confusion:
  Developers and auditors relying on the documentation may be misled about the actual behavior of the function, undermining confidence in the protocol's implementation.

• Potential Financial Errors:
  Misinterpretation of the minted amounts can result in incorrect calculations

Tools Used

• Manual code review

Recommended Mitigation

• Correct the Return Order:
  Adjust the implementation of the mint function so that it returns the values in the order specified by the documentation. For example, modify the return statement to:

  return (isFirstMint, amountScaled, totalSupply(), amountToMint);

• Alternatively, Update Documentation:
  If the current return order in the code is intended, update the NatSpec documentation to accurately reflect that the second return value is the underlying tokens minted and the fourth return value is the scaled tokens minted. Ensure that all external integrations are aware of the correct ordering.