A malicious early user can deposit() with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares token.
Then the attacker can send 10000e18 - 1 of asset tokens and inflate the price per share from 1.0000 to an extreme value of 1.0000e22 ( from (1 + 10000e18 - 1) / 1) .
As a result, the future user who deposits 19999e18 will only receive 1 wei (from 19999e18 * 1 / 10000e18) of shares token.
They will immediately lose 9999e18 or half of their deposits if they withdraw() right after the deposit().
Recommendation
Consider requiring a minimal amount of share tokens to be minted for the first minter, and send a port of the initial mints as a reserve to the DAO so that the pricePerShare can be more resistant to manipulation.
Lines of code
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/vaults/yVault/yVault.sol#L142-L157
Vulnerability details
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/vaults/yVault/yVault.sol#L142-L157
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/vaults/yVault/yVault.sol#L166-L184
A malicious early user can
deposit()
with1 wei
ofasset
token as the first depositor of the Vault, and get1 wei
of shares token.Then the attacker can send
10000e18 - 1
ofasset
tokens and inflate the price per share from 1.0000 to an extreme value of 1.0000e22 ( from(1 + 10000e18 - 1) / 1
) .As a result, the future user who deposits
19999e18
will only receive1 wei
(from19999e18 * 1 / 10000e18
) of shares token.They will immediately lose
9999e18
or half of their deposits if theywithdraw()
right after thedeposit()
.Recommendation
Consider requiring a minimal amount of share tokens to be minted for the first minter, and send a port of the initial mints as a reserve to the DAO so that the pricePerShare can be more resistant to manipulation.