#34995 [SC-Low] `mintDebt()` and `repayDebt()` should return `assets` and not `shares`

Submitted on Sep 2nd 2024 at 13:09:27 UTC by @sammytm for Audit Comp | Acre

• Report ID: #34995

• Report Type: Smart Contract

• Report severity: Low

• Target: https://sepolia.etherscan.io/address/0x7e184179b1F95A9ca398E6a16127f06b81Cb37a3

• Impacts:

  • Contract fails to deliver promised returns, but doesn't lose value

Description

Brief/Intro

`mintDebt()` and `repayDebt()` are used to mint debt and repay the debt by a user.

Vulnerability Details

`mintDebt()` and `repayDebt()` currently return `shares` inputted by the users and not the corresponding `assets` ```solidity function repayDebt( uint256 shares ) public whenNotPaused returns (uint256 assets) { assets = convertToAssets(shares);

    // Check the current debt of the debtor.
    if (currentDebt[msg.sender] < assets) {
        revert ExcessiveDebtRepayment(
            msg.sender,
            currentDebt[msg.sender],
            assets
        );
    }

    // Decrease the debt of the debtor.
    currentDebt[msg.sender] -= assets;

    emit DebtRepaid(msg.sender, currentDebt[msg.sender], assets, shares);

    // Decrease the total debt.
    totalDebt -= assets;

    // Burn the shares from the debtor.
    super._burn(msg.sender, shares);

    return shares;
}

``` ```solidity function mintDebt( uint256 shares, address receiver ) public whenNotPaused returns (uint256 assets) { assets = convertToAssets(shares);

```

Impact Details

The ERC4626 standard states that minting shares must return assets as return value. But this doesn't follow the standard and may cause integration issues with some smart contracts. This can also cause confusion to users, particularly when the shares : assets ratio isn't 1:1

Proof of Concept

Proof of Concept

``` describe.only("POC", () => { beforeAfterSnapshotWrapper()

}) ``` Copy in `stBTC.test.ts` and run `pnpm test`