Initial user setting minLpTokenAmount too low will lose funds
#317
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-442
satisfactory
satisfies C4 submission criteria; eligible for awards
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/code-423n4/2022-12-caviar/blob/0212f9dc3b6a418803dbfacda0e340e059b8aae2/src/Pair.sol#L426
Vulnerability details
Impact
In some protocols, a common vulnerability exists where the first depositor can be frontrun to have their entire initial deposit stolen (e.g. see code-423n4/2022-01-sherlock-findings#39). If the first user does not properly set the `minLpTokenAmount` in the `add` function, they will be susceptible to this attack. For extra safety, you could consider minting some of the initial `Math.sqrt(x * y)` tokens from the first deposit to the zero address.
Proof of Concept
`x` baseToken and `y` fractionalToken, and sets their `minLpTokenAmount` too low.
`x` and 1 wei of `y`. This makes the LP total supply 1. The attack also manually transfers `x+1` and `y+1` baseToken and fractionalToken directly to the pool contract.
`minLpTokenAmount` high enough, then this would be an issue.
Tools Used
Manual.
Recommended Mitigation Steps
Consider minting some of the initial shares minted to the zero address, so that an attacker can't do this attack.
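The share arithmetic behind this finding, as an added example that is not part of the submission or of Caviar's code: a toy Python model of the pool showing how the `minLpTokenAmount` check and the zero-address mint each stop the scenario in the proof of concept. It assumes reserves are read from raw token balances and that later deposits mint pro rata, rounded down; the names `Pair`, `Revert`, `transfer_in`, `first_deposit` and `locked` are hypothetical.

```python
from math import isqrt

class Revert(Exception):
    """Stands in for a reverted transaction."""

class Pair:
    """Toy pool: reserves are raw balances, so direct transfers count (assumption)."""
    def __init__(self, locked=0):
        self.base = self.frac = self.supply = 0
        self.locked = locked  # shares minted to the zero address on the first add
        self.lp = {}

    def add(self, who, x, y, min_lp):
        first = self.supply == 0
        if first:
            minted = isqrt(x * y) - self.locked  # initial Math.sqrt(x * y)
            if minted <= 0:
                raise Revert("initial deposit below locked minimum")
        else:  # assumed pro-rata rule, rounded down
            minted = min(x * self.supply // self.base, y * self.supply // self.frac)
        if minted < min_lp:  # the slippage guard the finding is about
            raise Revert(f"slippage: minted {minted} < minLpTokenAmount {min_lp}")
        self.base, self.frac = self.base + x, self.frac + y
        self.supply += minted + (self.locked if first else 0)
        self.lp[who] = self.lp.get(who, 0) + minted
        return minted

    def transfer_in(self, x, y):
        """Tokens sent straight to the pool: reserves grow, no shares are minted."""
        self.base, self.frac = self.base + x, self.frac + y

def first_deposit(min_lp, locked=0, x=10**18, y=10**18):
    """Replay the proof-of-concept ordering with constructed amounts."""
    pair = Pair(locked)
    try:
        pair.add("frontrunner", 1, 1, 0)   # LP total supply becomes 1
        pair.transfer_in(x + 1, y + 1)     # reserves inflated, supply unchanged
        return ("ok", pair.add("user", x, y, min_lp))
    except Revert as err:
        return ("reverted", str(err))

if __name__ == "__main__":
    print(first_deposit(min_lp=0))               # user is minted 0 shares
    print(first_deposit(min_lp=isqrt(10**36)))   # guard set to the expected quote
    print(first_deposit(min_lp=0, locked=1000))  # zero-address mint in place
```

With `min_lp=0` the user's deposit is accepted for zero shares; a guard set to the expected initial quote reverts the deposit instead, and with `locked=1000` the 1 wei opening deposit itself reverts.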