Closed code423n4 closed 1 year ago
kirk-baird marked the issue as duplicate of #3
kirk-baird changed the severity to 2 (Med Risk)
kirk-baird marked the issue as not a duplicate
kirk-baird marked the issue as duplicate of #21
kirk-baird marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-05-xeth/blob/d86fe0a9959c2b43c62716240d981ae95224e49e/src/wxETH.sol#L212
Vulnerability details
Impact
The first staker may suffer an Inflation Attack and lose the funds
Proof of Concept
Currently wxETH still has the common ERC4626 'Inflation Attack': malicious users can front-run the first staker, raise exchange rates through donations, then achieve an Inflation Attack.
Suppose wxETH is currently empty stake
Here is the sample code:
add to wxETH.t.sol
Tools Used
Recommended Mitigation Steps
It is recommended to refer to the new 4.9.0 release of OpenZeppelin, which has a special version of ERC4626 'Inflation Attack' for this
https://twitter.com/OpenZeppelin/status/1656066698410328064?s=20
Assessed type
Context
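The share arithmetic behind the recommended mitigation, as an added example that is not part of the original report or the xETH code base. It assumes generic ERC4626 accounting with round-down conversion and the virtual shares/assets formula from OpenZeppelin 4.9; `VaultModel`, `first_staker_outcome` and all amounts are constructed for illustration and do not reproduce wxETH's own exchange-rate code.

```python
from dataclasses import dataclass
from typing import Optional

WAD = 10**18  # constructed sample amount: one token with 18 decimals

@dataclass
class VaultModel:
    """Constructed model of ERC4626-style share accounting (not wxETH's code)."""
    offset: Optional[int] = None  # None: naive formula; int: virtual-offset formula
    total_assets: int = 0
    total_supply: int = 0

    def _virtual(self):
        # (virtual shares, virtual assets), as in OpenZeppelin 4.9's ERC4626
        return (0, 0) if self.offset is None else (10**self.offset, 1)

    def to_shares(self, assets: int) -> int:
        v_shares, v_assets = self._virtual()
        if self.total_supply + v_shares == 0:
            return assets  # naive bootstrap: one share per asset
        return assets * (self.total_supply + v_shares) // (self.total_assets + v_assets)

    def to_assets(self, shares: int) -> int:
        v_shares, v_assets = self._virtual()
        if self.total_supply + v_shares == 0:
            return 0
        return shares * (self.total_assets + v_assets) // (self.total_supply + v_shares)

    def deposit(self, assets: int) -> int:
        shares = self.to_shares(assets)  # floor division rounds in the vault's favour
        self.total_assets += assets
        self.total_supply += shares
        return shares

def first_staker_outcome(offset, seed=1, donation=WAD, stake=WAD):
    """Replay the report's scenario: empty vault, a donation lands before the first stake."""
    vault = VaultModel(offset=offset)
    early_shares = vault.deposit(seed)
    vault.total_assets += donation  # direct transfer: assets rise, no shares minted
    staker_shares = vault.deposit(stake)
    return {
        "staker_shares": staker_shares,
        "staker_redeemable": vault.to_assets(staker_shares),
        "early_redeemable": vault.to_assets(early_shares),
        "early_cost": seed + donation,
    }

if __name__ == "__main__":
    for offset in (None, 0, 6):  # naive, default offset, larger offset
        print(offset, first_staker_outcome(offset))
```

With the naive formula the first stake rounds down to zero shares. With the virtual offset the early depositor can redeem less than they put in, and a larger offset shrinks the staker's rounding loss.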