code-423n4 / 2023-02-ethos-findings


First depositor can break minting of shares #77

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperVaultV2.sol#L319

Vulnerability details

Impact

The attack vector and impact are the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”.

Inside the _deposit function, ReaperVaultV2.sol:334 calculates the _freefunds with the help of the function freefunds(), which uses the balance() function. The balance function in turn relies on balanceOf(address(this)). The current implementation of this function is susceptible to an attack where the attacker front-runs the first deposit to the pool and inflates the price per share.

Proof of Concept

Attack Steps

  1. Attacker deposits 1 wei to mint 1 share.
  2. Attacker transfers an exorbitant amount (10 wETH) to the ReaperVaultV2 contract to greatly inflate the share’s price.
  3. An unsuspecting user tries to deposit 5 wETH. Shares minted to their address will be calculated as shares = (_amount * totalSupply()) / freeFunds. The vault has issued 1 share and has 10 wETH as its token balance. Thus, shares = (5 wETH * 1) / 10 wETH, which when rounded down will be 0.
  4. The user has minted 0 shares for their 5 wETH deposit.
  5. The attacker essentially owns the singular share of the vault, which amounts to 15 wETH, and can withdraw at any time.

Tools Used

Manual Review

Recommended Mitigation Steps

Issue the first few shares to address(0) which will make the attack unfeasible.
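A Python model of the share arithmetic described in the finding above, added here as an illustration; it is not the vault's code and not part of the submission. It assumes free funds equal the vault's raw token balance, and models the suggested mitigation as a fixed number of dead shares minted to address(0) on the first deposit (the constant 1000 is a constructed choice).

```python
# Integer-arithmetic simulation of first-depositor share inflation and a dead-shares mitigation.
# Constructed example; the vault model is a simplification of the ReaperVaultV2 math in the finding.
WEI = 10**18
DEAD = "0x0000000000000000000000000000000000000000"  # address(0)

class VaultSim:
    """shares = amount * totalSupply / freeFunds, with freeFunds taken as the raw token balance."""

    def __init__(self, min_dead_shares=0):
        self.min_dead_shares = min_dead_shares  # 0 reproduces the vulnerable behaviour
        self.balance = 0                         # tokens held by the vault (balanceOf(address(this)))
        self.shares = {}                         # holder -> share balance

    @property
    def total_supply(self):
        return sum(self.shares.values())

    def deposit(self, who, amount):
        if self.total_supply == 0:
            minted = amount
            if self.min_dead_shares:
                # Mitigation (assumed form): permanently assign a fixed slice of the
                # very first mint to address(0) so no single holder owns ~100% of supply.
                if minted <= self.min_dead_shares:
                    raise ValueError("first deposit must exceed the dead-share minimum")
                self.shares[DEAD] = self.min_dead_shares
                minted -= self.min_dead_shares
        else:
            # Same formula as the finding; Solidity integer division rounds down.
            minted = amount * self.total_supply // self.balance
        self.balance += amount
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def donate(self, amount):
        # A plain ERC20 transfer to the vault raises balance() without minting shares.
        self.balance += amount

    def redeemable(self, who):
        # Value a holder could withdraw for their shares, rounding down.
        return self.shares.get(who, 0) * self.balance // self.total_supply

def run_scenario(min_dead_shares=0):
    """Replays the report's steps; returns (victim shares, attacker value, victim value)."""
    v = VaultSim(min_dead_shares)
    v.deposit("attacker", 1 if min_dead_shares == 0 else min_dead_shares + 1)  # step 1
    v.donate(10 * WEI)                                                          # step 2
    victim_shares = v.deposit("victim", 5 * WEI)                                # step 3
    return victim_shares, v.redeemable("attacker"), v.redeemable("victim")
```

With `min_dead_shares=0` the victim receives 0 shares and the attacker's single share redeems for the whole balance; with dead shares the victim receives 500 shares and most of the 10 wETH donation is stranded in address(0), so the attacker loses far more than the victim.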

c4-judge commented 1 year ago

trust1995 marked the issue as duplicate of #848

c4-judge commented 1 year ago

trust1995 marked the issue as satisfactory

c4-judge commented 1 year ago

trust1995 changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

trust1995 marked the issue as grade-b

c4-sponsor commented 1 year ago

0xBebis marked the issue as sponsor disputed

0xBebis commented 1 year ago

deposit whitelist