Lines of code
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L407-L413
Vulnerability details
Impact
Depositors might lose funds because there is no check that the number of shares to be minted is non-zero. When this happens, the assets are deposited into the vault, but the depositor receives zero shares. This is independent of the initial-depositor attack issue: even once the first-depositor attack is resolved, this issue still needs to be addressed.
Proof of Concept
Suppose the exchange rate is 1.1e18. Alice calls deposit() with assets = 1.
The number of shares calculated will be 1 * 1e18 / 1.1e18 = 0 (integer division rounds down).
Normally, when shares = 0, the deposit() function should revert, but in this case it does not. As a result, the depositor loses 1 asset token and receives zero shares.
Tools Used
Manual Review
Recommended Mitigation Steps
It is critical to add a zero-share check and revert when the number of shares to be minted is zero.
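Added example, not part of this finding or of the pt-v5-vault code: a Python model of the Proof of Concept arithmetic above (shares = assets * 1e18 / exchange rate with Solidity-style integer division), with the unchecked deposit beside the mitigated one that reverts on zero shares. The Vault class, the 1e18 rate scaling and the helper names are assumptions for illustration.

```python
# Constructed model of the share calculation described in the finding.
# Not the project's code: the Vault class and rate scaling are assumptions.
WAD = 10**18  # 1e18 fixed-point scale used for the exchange rate


class ZeroShares(Exception):
    """Raised by the hardened deposit when rounding yields zero shares."""


class Vault:
    def __init__(self, exchange_rate: int):
        # exchange_rate: assets per share, scaled by 1e18 (e.g. 1.1e18)
        self.exchange_rate = exchange_rate
        self.total_assets = 0
        self.balances: dict[str, int] = {}

    def convert_to_shares(self, assets: int) -> int:
        # Solidity integer division rounds toward zero, so deposits
        # smaller than the rate (in 1e18 units) round to 0 shares.
        return assets * WAD // self.exchange_rate

    def deposit_unchecked(self, who: str, assets: int) -> int:
        # Vulnerable flow: assets are taken even when shares == 0.
        shares = self.convert_to_shares(assets)
        self.total_assets += assets
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def deposit_checked(self, who: str, assets: int) -> int:
        # Mitigation: revert before any state change if shares == 0.
        shares = self.convert_to_shares(assets)
        if shares == 0:
            raise ZeroShares(f"{assets} assets would mint zero shares")
        self.total_assets += assets
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares


def min_assets_for_one_share(exchange_rate: int) -> int:
    # Smallest deposit that mints at least one share: ceil(rate / 1e18).
    return (exchange_rate + WAD - 1) // WAD
```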
Assessed type
ERC4626