First ERC4626 deposit exploit can break share calculation #171
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-588
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
upgraded by judge: Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC4626-Cloned.sol#L107-L113
Vulnerability details
Impact
This is a well-known attack vector for almost all share-based liquidity pool contracts: an early user can manipulate the price per share and profit from late users' deposits, because of the precision loss caused by the rather large value of the price per share.
Proof Of Concept
1 - A malicious early user can `deposit()` 1 wei of the asset token as the first depositor of the LToken and get 1 wei of shares.
2 - The attacker can then send 10000e18 - 1 of asset tokens and inflate the price per share from 1.0000 to an extreme value of 1.0000e22 (from (1 + 10000e18 - 1) / 1).
3 - As a result, a future user who deposits 19999e18 will receive only 1 wei of share tokens (from 19999e18 * 1 / 10000e18).
4 - They will immediately lose 9999e18, or half of their deposit, if they `redeem()` right after the `deposit()`.
The attacker can profit from future users' deposits, while the late users lose part of their funds to the attacker.
Recommended Mitigation Steps
Consider either of these options:
1 - Consider sending the first 1000 shares to the address 0, a mitigation used in Uniswap V2.
2 - In the deposit function of the project, consider requiring a reasonably high minimum amount of assets for the first deposit. The amount needs to be high enough to mint many shares and so reduce the rounding error, and low enough to be affordable to users.
3 - On the first deposit, consider minting a fixed and high amount of shares, irrespective of the deposited amount.
4 - Consider seeding the pools during deployment. This needs to be done in the deployment transactions to avoid front-running attacks. The amount needs to be high enough to reduce the rounding error.
5 - Consider sending the first 1000 wei of shares to the zero address. This will significantly increase the cost of the attack by forcing an attacker to pay 1000 times the share price they want to set. For a well-intended user, 1000 wei of shares is a negligible amount that won't diminish their share significantly.
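The following Python model is an added example, not code from the report or from the Astaria contracts. It replays the deposit amounts from the proof of concept with round-down share math, then repeats them with the first 1000 shares locked at the zero address. The `Vault` class, its method names and the 1001-wei first deposit in the second run are assumptions made for illustration.

```python
WAD = 10**18  # 1e18 base units, as in the report's amounts


class Vault:
    """Simplified share accounting: shares = assets * supply // assets_held."""

    def __init__(self, dead_shares=0):
        self.total_assets = 0
        self.total_supply = 0
        self.dead_shares = dead_shares  # minted to address 0 on first deposit

    def deposit(self, assets):
        if self.total_supply == 0:
            shares = assets - self.dead_shares
            if shares <= 0:
                raise ValueError("first deposit must exceed the dead shares")
            self.total_supply = self.dead_shares  # locked, never redeemable
        else:
            shares = assets * self.total_supply // self.total_assets  # rounds down
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def donate(self, assets):
        # Direct token transfer to the vault: assets grow, no shares are minted.
        self.total_assets += assets

    def redeem(self, shares):
        assets = shares * self.total_assets // self.total_supply
        self.total_assets -= assets
        self.total_supply -= shares
        return assets


def scenario(dead_shares, first_deposit):
    """Early depositor spends 10000e18 in total; late user deposits 19999e18."""
    vault = Vault(dead_shares)
    early_shares = vault.deposit(first_deposit)
    vault.donate(10000 * WAD - first_deposit)
    late_shares = vault.deposit(19999 * WAD)
    late_back = vault.redeem(late_shares)
    early_back = vault.redeem(early_shares)
    return late_shares, late_back, early_back


if __name__ == "__main__":
    for label, args in (("no mitigation", (0, 1)), ("1000 dead shares", (1000, 1001))):
        late_shares, late_back, early_back = scenario(*args)
        print(f"{label}: late user gets {late_shares} shares, redeems "
              f"{late_back / WAD:.4f}e18; early user redeems {early_back / WAD:.4f}e18")
```

In the second run the donated assets accrue mostly to the locked shares, so the early depositor cannot recover the amount used to move the price.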