Closed code423n4 closed 1 year ago
Picodes marked the issue as unsatisfactory: Invalid
Donation would lead to the next depositor not having to bring assets in this case
I think the donation attack may work if done in the yield vault token, but it's not the scenario here
Picodes marked the issue as satisfactory
Picodes marked the issue as duplicate of #341
Picodes changed the severity to 2 (Med Risk)
Picodes marked the issue as partial-50
Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L925-L963
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L870-L873
Vulnerability details
Impact
The first depositor can be front run by an attacker and as a result, will lose a considerable part of the assets provided.
Proof of Concept
The vault calculates the amount of shares to be minted upon deposit to every user via the convertToShares function. When the pool has no share supply, the amount of shares to be minted is equal to the assets provided. An attacker can abuse this situation and profit from the rounding down operation when calculating the amount of shares if the supply is non-zero:
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L870-L873
This issue can be replicated with the following steps:
Tools Used
Manual review
Recommended Mitigation Steps
Require a minimum amount of initial shares to be minted and/or send part of the initial LP to the zero address.
Assessed type
ERC4626
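Added example, not part of the original report and not the PoolTogether Vault.sol code: a generic ERC-4626-style share model in Python that measures how much a later depositor loses to rounding down, with and without the recommended mitigation (shares sent to the zero address plus a minimum initial mint). The class, method names, the formula `assets * supply // total_assets` and all amounts are assumptions constructed for illustration.

```python
class ModelVault:
    """Hypothetical generic share accounting; NOT the Vault.sol implementation."""

    def __init__(self, dead_shares=0):
        self.total_assets = 0
        self.total_supply = 0
        self.balances = {}
        self.dead_shares = dead_shares  # shares locked at the zero address on first mint

    def _mint(self, who, shares):
        self.balances[who] = self.balances.get(who, 0) + shares
        self.total_supply += shares

    def convert_to_shares(self, assets):
        if self.total_supply == 0:
            return assets  # empty vault: 1 share per asset unit
        return assets * self.total_supply // self.total_assets  # rounds down

    def deposit(self, who, assets):
        shares = self.convert_to_shares(assets)
        if self.total_supply == 0 and self.dead_shares:
            # Mitigation: require a minimum initial mint and lock part of it.
            if shares <= self.dead_shares:
                raise ValueError("initial deposit below minimum")
            self._mint("0x0", self.dead_shares)
            shares -= self.dead_shares
        self._mint(who, shares)
        self.total_assets += assets
        return shares

    def donate(self, assets):
        # Assets arrive without minting shares, raising the price per share.
        self.total_assets += assets

    def redeemable(self, who):
        return self.balances.get(who, 0) * self.total_assets // self.total_supply


def later_depositor_loss(vault, first_deposit, donation, later_deposit):
    """Asset units the later depositor cannot redeem after depositing."""
    vault.deposit("early", first_deposit)
    vault.donate(donation)
    vault.deposit("later", later_deposit)
    return later_deposit - vault.redeemable("later")


if __name__ == "__main__":
    # Constructed amounts, in smallest asset units.
    print("no mitigation:", later_depositor_loss(ModelVault(), 1, 10_000, 20_000))
    print("dead shares:  ", later_depositor_loss(ModelVault(1000), 1001, 10_000, 20_000))
```

In this model the locked shares keep the supply large enough that rounding costs the later depositor a few units instead of a quarter of the deposit, and a 1-unit initial deposit is rejected outright.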