code423n4 closed this issue 1 year ago
trust1995 marked the issue as duplicate of #115
trust1995 marked the issue as satisfactory
trust1995 marked the issue as duplicate of #852
trust1995 changed the severity to 2 (Med Risk)
trust1995 changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2023-05-maia/blob/main/src/erc-4626/ERC4626.sol#L106-L110
Vulnerability details
Impact
This is a well-known attack vector for almost all share-based liquidity pool contracts: an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share.
Proof of Concept
Problems with the code:
Consider the following situation:
Have a look at this table to understand the complete PoC:
Link to Code
Tools Used
VS Code
Recommended Mitigation Steps
Assessed type
Other
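The precision loss described under Impact, as an added example that is not part of the original report and is not the Maia contract's code: a Python integer model of floor-division share accounting that measures what a late depositor loses to rounding when price per share is large, plus a deposit guard. The class and function names, the `min_shares` parameter and all balances are constructed assumptions.

```python
"""Integer model of share-based vault accounting (hypothetical, constructed values)."""


class VaultModel:
    """Shares/assets ledger that rounds down, as share-based pools typically do."""

    def __init__(self, total_assets=0, total_supply=0):
        self.total_assets = total_assets
        self.total_supply = total_supply

    def convert_to_shares(self, assets):
        # An empty vault mints 1:1; afterwards the result is floored.
        if self.total_supply == 0:
            return assets
        return assets * self.total_supply // self.total_assets

    def convert_to_assets(self, shares):
        if self.total_supply == 0:
            return shares
        return shares * self.total_assets // self.total_supply

    def deposit(self, assets, min_shares=1):
        shares = self.convert_to_shares(assets)
        # Guard (assumed mitigation): never take assets for zero shares and
        # honour the depositor's own lower bound on shares received.
        if shares == 0 or shares < min_shares:
            raise ValueError("deposit rejected: rounding loss too high")
        self.total_assets += assets
        self.total_supply += shares
        return shares


def rounding_loss(vault, assets):
    """Asset units a depositor loses to rounding once the deposit settles."""
    shares = vault.convert_to_shares(assets)
    after = VaultModel(vault.total_assets + assets, vault.total_supply + shares)
    return assets - after.convert_to_assets(shares)


# Constructed states: one share backed by 1e18 units versus a 1:1 vault.
SKEWED = dict(total_assets=10**18, total_supply=1)
HEALTHY = dict(total_assets=10**18, total_supply=10**18)

if __name__ == "__main__":
    late_deposit = 2 * 10**18 - 1
    for name, state in (("skewed", SKEWED), ("healthy", HEALTHY)):
        print(name, rounding_loss(VaultModel(**state), late_deposit))
```

The loss reported for the skewed state accrues to the shares that already exist, which is why the guard rejects the deposit instead of minting a rounded-down amount.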