c4-pre-sort
commented
1 year ago 0xSorryNotSorry marked the issue as duplicate of #193
Closed code423n4 closed 1 year ago
c4-pre-sort
commented
1 year ago 0xSorryNotSorry marked the issue as duplicate of #193
c4-judge
commented
1 year ago GalloDaSballo marked the issue as partial-50
GalloDaSballo
commented
1 year ago Poor description and no coded POC, but does explain the vulnerability
c4-judge
commented
1 year ago GalloDaSballo changed the severity to 2 (Med Risk)
c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #343
c4-judge
commented
1 year ago GalloDaSballo marked the issue as partial-25
d3e4
commented
1 year ago There is no issue here. If priorTokenBalance is 1, then amount*totalShares is the correct amount of shares to mint in order to withdraw the same amount as was deposited. Withdrawing gives _tokenBalance() * amountShares / priorTotalShares which in our case if we withdraw our shares again is (1 + amount) * (amount*totalShares) / (totalShares + amount*totalShares) = amount.
c4-judge
commented
1 year ago GalloDaSballo changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/Layr-Labs/eigenlayer-contracts/blob/dbeb85bcd0476e06b8feebf07e33f8a53d54c029/src/contracts/strategies/StrategyBase.sol#L99
Vulnerability details
Impact
deposit()function is calculating wrong value ofnewSharewhich will cause hyper inflation ofnewShareProof of Concept
If
priorTokenBalanceis1, thennewShares = (amount * totalShares) / priorTokenBalancewillamount*totalShares/1and thenewSharewill beamount*totalSharesHere
amountwill be the input and totalShares will be thenumber of extant shares in thie Strategyso newshares could be more then intended.Tools Used
Manual Review
Recommended Mitigation Steps
maybe you could use if condition to check if
priorTokenBalanceis 1Assessed type
Math