Description:Description\
Triple vaults have two vaults - a normal vault with a normal ID and a counter vault with an ID set to uint256.max - normal ID.
When making a deposit with depositTriple, we check if a user has deposited into the counter vault using _hasCounterStake. If the user has, the transaction is reverted, as they can only have shares in one of the vaults at a time.
However, another user can front-run a deposit and deposit the minimum amount of assets for the first user, preventing them from depositing into their desired triple vault, essentially causing a DOS.
Attack Scenario
Alice sends a transaction to deposit into a triple vault.
Bob sees that transaction, front-runs it, and deposits for her into the opposite vault with the minimum deposit amount.
Alice's transaction reverts because she now has some balance in the opposite vault.
Recommendations
The best solution for this issue is not clear. A crude recommendations can be to make deposits only for msg.sender.
Github username: @0x3b33 Twitter username: -- Submission hash (on-chain): 0xdca2cb75cae14bac4ac7744b79281929eef1c25c2faec691bc6cff97e630efdf Severity: medium
Description: Description\ Triple vaults have two vaults - a normal vault with a normal ID and a counter vault with an ID set to
uint256.max - normal ID
.When making a deposit with
depositTriple
, we check if a user has deposited into the counter vault using_hasCounterStake
. If the user has, the transaction is reverted, as they can only have shares in one of the vaults at a time.However, another user can front-run a deposit and deposit the minimum amount of assets for the first user, preventing them from depositing into their desired triple vault, essentially causing a DOS.
Attack Scenario
Recommendations The best solution for this issue is not clear. A crude recommendations can be to make deposits only for
msg.sender
.