code-423n4 / 2024-07-karak-validation


Inflation Attack is possible on vault #326

Closed c4-bot-10 closed 2 months ago

c4-bot-10 commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-07-karak/blob/f5e52fdcb4c20c4318d532a9f08f7876e9afb321/src/Vault.sol#L78

Vulnerability details

Impact

The vulnerability in the vault contract allows an attacker to manipulate the share and asset calculations, leading to the theft of user deposits. The issue arises when an attacker front-runs a user's deposit transaction by first depositing a minimal amount (1 wei) and then donating a large amount of the asset to the vault.

Karak-restaking uses Solady's ERC4626 implementation, which mitigates the attack to some extent by adding an extra 1 in calculations, but the attack can still be profitable if multiple first deposits of similar size occur in the mempool.

Code

function convertToShares(uint256 assets) public view virtual returns (uint256 shares) {
    // Classic path, used when virtual shares are disabled.
    if (!_useVirtualShares()) {
        uint256 supply = totalSupply();
        return _eitherIsZero(assets, supply)
            ? _initialConvertToShares(assets)
            : FixedPointMathLib.fullMulDiv(assets, supply, totalAssets());
    }
    // Virtual-shares path: supply is padded by 10 ** o (1 when o == 0) and total assets by 1.
    uint256 o = _decimalsOffset();
    if (o == 0) {
        return FixedPointMathLib.fullMulDiv(assets, totalSupply() + 1, _inc(totalAssets()));
    }
    return FixedPointMathLib.fullMulDiv(assets, totalSupply() + 10 ** o, _inc(totalAssets()));
}

Tools Used

Manual Review

Recommended Mitigation Steps

Implement "dead shares": Similar to the approach used in UniswapV2, initialize the vault with a certain amount of "dead shares" to prevent the attack by ensuring that the shares supply is not minimal.

Assessed type

Math
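
The rounding behaviour described in this report can be checked with an integer model of the `o == 0` branch quoted above, run once without and once with the recommended dead-shares seed. This is an added example, not code from the report, Karak or Solady. The function names, the redemption formula (assumed to mirror the quoted conversion) and all amounts are constructed for illustration.

```python
# Added illustration: integer model of the share math in the quoted convertToShares.
# Names and amounts are this example's own, not Karak's or Solady's.

def to_shares(assets, supply, total_assets, o=0):
    # assets * (totalSupply + 10**o) / (totalAssets + 1), rounded down
    return assets * (supply + 10**o) // (total_assets + 1)

def to_assets(shares, supply, total_assets, o=0):
    # Assumed inverse conversion: shares * (totalAssets + 1) / (totalSupply + 10**o)
    return shares * (total_assets + 1) // (supply + 10**o)

def simulate(donation, later_deposits, dead_seed=0, o=0):
    """1 wei first deposit, a direct donation, then later deposits in order."""
    supply = total = 0

    def deposit(amount):
        nonlocal supply, total
        minted = to_shares(amount, supply, total, o)
        supply += minted
        total += amount
        return minted

    if dead_seed:
        deposit(dead_seed)      # shares minted at deployment to an unspendable address
    first_shares = deposit(1)   # minimal first deposit
    total += donation           # direct transfer: assets rise, share supply does not
    later_shares = [deposit(a) for a in later_deposits]

    # Value of each position at the final exchange rate.
    first_value = to_assets(first_shares, supply, total, o)
    later_values = [to_assets(s, supply, total, o) for s in later_shares]
    return {
        "later_shares": later_shares,
        "later_values": later_values,
        "first_net": first_value - (1 + donation),
    }

if __name__ == "__main__":
    V = 10**18  # constructed deposit size
    for label, kwargs in [("no seed", {}), ("dead shares = 1000", {"dead_seed": 1000})]:
        for n in (1, 3):
            r = simulate(2 * V, [V] * n, **kwargs)
            print(f"{label:>18} | later deposits={n} | shares minted={r['later_shares']}"
                  f" | first depositor net={r['first_net'] / V:+.3f} V")
```

Without the seed, each later deposit rounds to zero shares and the first depositor's net result moves from a loss with one later deposit to a gain with three. With 1000 dead shares, the later depositors keep over 99% of their value and the donation is a pure loss.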