Lines of code
https://github.com/code-423n4/2024-05-bakerfi/blob/59b1f70cbf170871f9604e73e7fe70b70981ab43/contracts/core/Vault.sol#L212
Vulnerability details
Impact
DoS attacks make it impossible for others to deposit
Proof of Concept
maxDeposit is set in the deposit function:

    _tokenPerETH = (totalSupply() * 1 ether) / _totalAssets;

Because _totalAssets = totalCollateralInEth - totalDebtInEth, the value of _totalAssets might be small.

Suppose _totalAssets = 1 wei; then

    afterDeposit = msg.value + balanceOf(msg.sender) * totalSupply()

Since totalSupply is constantly increasing, when totalSupply has accumulated (many deposits in a short time) and _totalAssets in the pool is small, a user with balanceOf(msg.sender) greater than 0 may not be able to deposit.

The attacker can make totalSupply increase temporarily, or the attacker can donate a balance to the specified account so that its balance is greater than 0.
Tools Used
vscode, manual
Recommended Mitigation Steps
Change the calculation method of maxDeposit.
Assessed type
DoS