Users will be unable to deposit their wished amount of tokens.
Proof of Concept
Similar to this ToB yearn audit, an attacker can mint a very small amount of shares and transfer a large amount of WETH to the contract, inflating the share price and making it so future users receive a very low amount of shares due to this line.
Note that in this case, the attacker cannot outright steal funds (which is why I'm sending this as a medium severity issue), however the attacker can make it so every time someone calls depositETH(), the amount of shares minted will be either very low, resulting in an almost complete refund of assets here, or zero, which reverts the call here.
Tools Used
Code reading
Recommended Mitigation Steps
Mint and transfer the first 1000 shares in the contract's constructor, or if totalSupply == 0. Make sure to send the shares to address(0xdead), since _mint() reverts on a zero address target.
Lines of code
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L167
Vulnerability details
Impact
Users will be unable to deposit their wished amount of tokens.
Proof of Concept
Similar to this ToB yearn audit, an attacker can mint a very small amount of shares and transfer a large amount of
WETH
to the contract, inflating the share price and making it so future users receive a very low amount of shares due to this line.Note that in this case, the attacker cannot outright steal funds (which is why I'm sending this as a medium severity issue), however the attacker can make it so every time someone calls
depositETH()
, the amount of shares minted will be either very low, resulting in an almost complete refund of assets here, or zero, which reverts the call here.Tools Used
Code reading
Recommended Mitigation Steps
Mint and transfer the first 1000 shares in the contract's constructor, or if
totalSupply == 0
. Make sure to send the shares toaddress(0xdead)
, since_mint()
reverts on a zero address target.