Core Contracts

Summary

The burn function in the RToken contract is intended to return the amount of scaled tokens burned as its first return value. However, the implementation erroneously returns the unscaled amount instead of the computed amountScaled, which does not match the documented specification.

Vulnerability Details

According to the NatSpec documentation for the burn function, the function should return a tuple containing:

1. The amount of scaled tokens burned.

2. The new total supply after burning.

3. The amount of underlying asset transferred.

The current implementation of the function returns the following:

Here, amount represents the unscaled token amount (i.e., the underlying asset amount), while the function computes the scaled value as follows:

Impact

• Integration Errors:
  External systems or smart contracts that depend on the return values of this function may incorrectly calculate the burned debt, leading to misaligned accounting in the protocol.

• User and Developer Confusion:
  The inconsistency between the documentation and the actual return values can cause confusion among developers and auditors, undermining confidence in the contract's reliability.

• Potential Financial Inaccuracies:
  Incorrect reporting of the scaled token burn could affect interest accrual calculations and other financial metrics, ultimately impacting user balances and overall protocol stability.

Tools Used

• Manual code review

Recommended Mitigation

Modify the return statement in the burn function so that the first return value is the computed amountScaled. For example, update the return statement to: