Early depositors to TokenggAVAX.sol can manipulate the price per share to steal funds from later depositors. #663
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-209
satisfactory
satisfies C4 submission criteria; eligible for awards
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/tokens/TokenggAVAX.sol#L166
https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/tokens/upgradeable/ERC4626Upgradeable.sol#L42
Vulnerability details
Impact
Attackers can manipulate the price per share in
TokenggAVAX
to take an unfair share of future users because the protocol allows users to deposit a insignificant amount of tokens.Proof of Concept
A malicious early user can deposit() with 1 wei of asset token and get 1 wei of shares. Then he/she can send 10000e18 - 1 of asset tokens and inflate the price per share from 1 to an extreme value of 1e22
A future user who deposits 19999e18 will only receive 1 wei of shares token.
he/she would lose 9999e18 if they redeem() right after the deposit().
Tools Used
Manual Review
Recommended Mitigation Steps
Require minimum amount of share in deposit function and mint function.
The text was updated successfully, but these errors were encountered: