Vault inflation attack #498
Conversation
|
Lets have a brainstorm session to try and attack the newly implemented fix. Action to consider:
|
There was a problem hiding this comment.
When a certain amount of time passes and the vault gains interest, the vault will steal the user's interest.
Flow:
Vault has 100 shares in the beginning.
Vault has 100 fake assets in the beginning.
User deposits 100 assets
User get 100 shares
Sometime passes and the user's money gains 10 assets of interest.
User's balance would be 105 instead of 110
This could go either way, for collateral or for debt
|
Possible solution: when deploying a vault, use the initializeVaultShares function to also deposit a certain amount of real assets instead of faking. Do the same for debt. |
| /** | ||
| * @dev Extended to avoid burning of address(this) shares created in | ||
| * `_initializeVaultShares`. See OZ implementation: {ERC20-_burn}. | ||
| */ | ||
| function __burn(address account, uint256 amount) internal virtual { | ||
| if (account == address(this)) { | ||
| revert BaseVault__burn_cannotBurn(); | ||
| } | ||
| _burn(account, amount); | ||
| } | ||
|
|
There was a problem hiding this comment.
remove this. Its not going to be used
|
This pull request was overriden by #541 . |
This pull request addresses vulnerabilities M-1 of Macro audit report.