Old issuers will gain less revenue than they should take when a new user issue due to in updating the furnace melting every time we enter issueTo function
Proof of Concept
developer comment stated that the furnace melting is up-to-date but no call to furnace.melt() is done anywhere in the function.
RToken:issueTo-line-124-128
function issueTo(address recipient, uint256 amount) public notIssuancePausedOrFrozen {
// AT THIS POINT:
// all contract invariants hold
>>> // furnace melting is up-to-date
// asset states are up-to-date
// throttle is up-to-date
Impact of furnace melting being out-of-date arise
When user try to issue he will share revenue with old issuers, taking more revenue than intended.
And old users will take less revenue than they should take.
Tools Used
manual review
Recommended Mitigation Steps
Call the melt function at the beginning of issueTo function making sure new issuer don't take extra rewards from older issuers
Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/RToken.sol#L126
Vulnerability details
Impact
Old issuers will gain less revenue than they should take when a new user issue due to in updating the furnace melting every time we enter issueTo function
Proof of Concept
developer comment stated that the furnace melting is up-to-date but no call to furnace.melt() is done anywhere in the function. RToken:issueTo-line-124-128
Tools Used
manual review
Recommended Mitigation Steps
Call the melt function at the beginning of issueTo function making sure new issuer don't take extra rewards from older issuers
Assessed type
Other