Early depositors to TokenggAVAX.sol can manipulate the price per share to steal funds from later depositors. #663
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-209
satisfactory
satisfies C4 submission criteria; eligible for awards
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Comments
code423n4
added
2 (Med Risk)
C4-Staff
added a commit
that referenced
this issue
Jan 6, 2023
|
GalloDaSballo marked the issue as duplicate of #209 |
c4-judge
added
3 (High Risk)
|
GalloDaSballo changed the severity to 3 (High Risk) |
|
GalloDaSballo marked the issue as satisfactory |
c4-judge
added
the
satisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/tokens/TokenggAVAX.sol#L166
https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/tokens/upgradeable/ERC4626Upgradeable.sol#L42
Vulnerability details
Impact
Attackers can manipulate the price per share in
TokenggAVAXto take an unfair share of future users because the protocol allows users to deposit a insignificant amount of tokens.Proof of Concept
A malicious early user can deposit() with 1 wei of asset token and get 1 wei of shares. Then he/she can send 10000e18 - 1 of asset tokens and inflate the price per share from 1 to an extreme value of 1e22
A future user who deposits 19999e18 will only receive 1 wei of shares token.
he/she would lose 9999e18 if they redeem() right after the deposit().
Tools Used
Manual Review
Recommended Mitigation Steps
Require minimum amount of share in deposit function and mint function.
The text was updated successfully, but these errors were encountered: