Open hats-bug-reporter[bot] opened 5 days ago
Duplicate of issue #37.
Hey first of all this issue is not duplicate of the issue you mentioned because the reason is he just reported lack of slippage functionality ( which is different) and i reported the wrong calculation of the values of share
will victim lose money in this case? absolutly we just Done it in POC that we provided
will attacker make profit off ot it? absolutly how? poc
and the migtigation would be implementing the time-weighted valuation mechanism which will not affect the value of the shares drasticly in a single moment like that case.
we think the review of this issue has lack of attention and its not duplicate of the issue he provided because there is no mention of this attack vector in his report and nor recommendation of our + poc
in this issue if you run POC, you will see attacker with front-running ends up with profit and loss of funds for victim while attacker provided value is significantly less than victim, because step-wise jump happens in share price while according to erc-4626 doc (https://eips.ethereum.org/EIPS/eip-4626) you should consider time-weighted implementation.
this issue is not duplicate of #37.
sincerely.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x96e5c9cb59c0323746aff81d55e77aaed85bde2387e7468a609c6163913b0f64 Severity: high
Description: Description
attacker can front-run any deposit and steal fraction of their deposits,
in
EthMultiVault.sol
attacker can just front-run the user who wants to deposit funds and then just callredeemAtom()
and end up having more money and user who just deposited afterwards will end up getting less asset if redeem his shares.the sandwiching process occurs in this scenario because there is no protection for massive change in value of the shares like time-weighted value calculation.
and because of loss of funds + profit for attacker we label it as High severity bug
Attack Scenario
0.044 eth
Bob lost ≈
0.23 eth
Proof of Concept (PoC)
/test/unit/EthMultiVault/DepositAtom.t.sol
forge test --mt testFrontrunAttackPOC -vvv