First PublicVault depositor can be front-run and have part of their deposit stolen #509
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-588
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/main/src/PublicVault.sol#L251-L265
https://github.com/AstariaXYZ/astaria-gpl/blob/4b49fe993d9b807fe68b3421ee7f2fe91267c9ef/src/ERC4626-Cloned.sol#L112
Vulnerability details
Description
The first deposit with a totalSupply of zero shares will mint shares equal to the deposited amount. Link to Code
Link to Code
Problems with the code:
Impact
It can lead to some part of the funds being stolen from the first depositor (who will be the LP provider).
Proof of Concept
Consider the following situation:
Here is the detailed analysis of the above PoC done by Spearbit.
This analysis confirms this clear path of attack, which can be used by the attacker.
Tools Used
Manual Review
Recommended Mitigation Steps
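The share arithmetic behind this report, as an added example that is not part of the original submission and not Astaria's code: a Python model of ERC4626-style conversion showing how rounding down costs a depositor when one share is already backed by a large balance. The vault state, amounts, virtual-offset parameters and minimum-shares guard are all assumptions constructed for illustration.

```python
# Added example: a model of ERC4626-style share math, not Astaria's code.
# Every state and amount below is constructed for illustration.
from dataclasses import dataclass

@dataclass
class Vault:
    total_supply: int  # shares outstanding
    total_assets: int  # underlying tokens held

def preview_deposit(v, assets, virt_shares=0, virt_assets=0):
    """Shares minted for `assets`, rounded down as integer division does."""
    supply = v.total_supply + virt_shares
    if supply == 0:
        return assets  # empty vault: shares equal the deposited amount
    return assets * supply // (v.total_assets + virt_assets)

def preview_redeem(v, shares, virt_shares=0, virt_assets=0):
    """Assets returned for `shares`, using the same virtual offsets."""
    supply = v.total_supply + virt_shares
    if supply == 0:
        return 0
    return shares * (v.total_assets + virt_assets) // supply

def deposit_loss(v, assets, **virt):
    """Assets the depositor could not redeem straight after depositing."""
    shares = preview_deposit(v, assets, **virt)
    after = Vault(v.total_supply + shares, v.total_assets + assets)
    return assets - preview_redeem(after, shares, **virt)

def deposit_checked(v, assets, min_shares, **virt):
    """Assumed guard: revert-style failure when fewer shares than expected."""
    shares = preview_deposit(v, assets, **virt)
    if shares < min_shares:
        raise ValueError(f"minted {shares} shares, expected >= {min_shares}")
    return shares

# Constructed state: a single share already backed by ~1e18 assets.
SKEWED = Vault(total_supply=1, total_assets=10**18 + 1)
DEPOSIT = 15 * 10**17
OFFSET = dict(virt_shares=10**3, virt_assets=1)  # assumed parameters

if __name__ == "__main__":
    print("naive loss:  ", deposit_loss(SKEWED, DEPOSIT))
    print("offset loss: ", deposit_loss(SKEWED, DEPOSIT, **OFFSET))
```

With the naive formula the constructed deposit mints a single share and a sixth of it is unrecoverable; with virtual offsets the loss falls below 0.1%, and the minimum-shares guard rejects the deposit outright.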