Description
Upon creation of an Atom, the creator can be the first depositor in the new Atom vault via _depositOnVaultCreation.
Let's take a closer look at _depositOnVaultCreation.
For easier explanation, assume a share price of 5 assets = 1 share.
_setVaultTotals is called inside _depositOnVaultCreation to increase totalAssets and totalShares after the deposit.
The problem is that both totalAssets and totalShares are increased by the same totalDelta amount, and totalDelta is denominated in shares (the receiver's shares, plus the shares minted to the zero address when the receiver is not the atom wallet):
uint256 totalDelta = isAtomWallet ? sharesForReceiver : sharesForReceiver + sharesForZeroAddress;
// set vault totals for the vault
_setVaultTotals(id, vaults[id].totalAssets + totalDelta, vaults[id].totalShares + totalDelta);
Attack Scenario
If a user deposits 5 ETH, totalAssets should increase by 5 and totalShares by only 1.
Instead, totalAssets increases by just 1 (the share amount), so the vault under-counts the deposit by 4 and the user takes a loss: the share they hold is backed by 1 asset in the vault accounting rather than the 5 they paid in.
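The following is an added example, not the audited project's code: a stripped-down model of the vault-totals update described above, with the reported call beside the corrected one. The VaultState struct, the fixed ASSETS_PER_SHARE price (taken from the 5 assets = 1 share assumption in the description), the MIN_SHARE constant standing in for the zero-address shares, and the helper names are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal model of the vault-totals accounting in _depositOnVaultCreation.
/// Added example, not the audited project's code: struct, constants and
/// helper names are assumptions for illustration only.
contract VaultTotalsModel {
    struct VaultState {
        uint256 totalAssets;
        uint256 totalShares;
    }

    // Assumption taken from the description: 5 assets buy 1 share.
    uint256 public constant ASSETS_PER_SHARE = 5;
    // Assumption: shares minted to address(0) when the first depositor
    // is not the atom wallet (stands in for the protocol's minShare).
    uint256 public constant MIN_SHARE = 1;

    mapping(uint256 => VaultState) public vaults;

    function _setVaultTotals(uint256 id, uint256 totalAssets, uint256 totalShares) internal {
        vaults[id].totalAssets = totalAssets;
        vaults[id].totalShares = totalShares;
    }

    // Assumed conversion at the fixed creation price.
    function _convertToShares(uint256 assets) internal pure returns (uint256) {
        return assets / ASSETS_PER_SHARE;
    }

    /// Reproduces the reported behaviour: both totals grow by totalDelta,
    /// which is a share amount, so totalAssets under-counts the deposit.
    function depositOnVaultCreationBuggy(uint256 id, uint256 assets, bool isAtomWallet) external {
        uint256 sharesForReceiver = _convertToShares(assets);
        uint256 sharesForZeroAddress = isAtomWallet ? 0 : MIN_SHARE;
        uint256 totalDelta = isAtomWallet ? sharesForReceiver : sharesForReceiver + sharesForZeroAddress;

        // set vault totals for the vault (reported line)
        _setVaultTotals(id, vaults[id].totalAssets + totalDelta, vaults[id].totalShares + totalDelta);
    }

    /// Shape of the proposed fix: assets are credited in asset units and
    /// shares in share units.
    function depositOnVaultCreationFixed(uint256 id, uint256 assets, bool isAtomWallet) external {
        uint256 sharesForReceiver = _convertToShares(assets);
        uint256 sharesForZeroAddress = isAtomWallet ? 0 : MIN_SHARE;
        uint256 totalDelta = isAtomWallet ? sharesForReceiver : sharesForReceiver + sharesForZeroAddress;

        // set vault totals for the vault (corrected line)
        _setVaultTotals(id, vaults[id].totalAssets + assets, vaults[id].totalShares + totalDelta);
    }

    /// Assets one share can claim from the vault accounting. The deposit
    /// should leave this at the creation price, not below it.
    function assetsPerShare(uint256 id) external view returns (uint256) {
        VaultState memory v = vaults[id];
        return v.totalShares == 0 ? 0 : v.totalAssets / v.totalShares;
    }
}
```

Calling depositOnVaultCreationBuggy(1, 5, true) leaves vault 1 with totalAssets = 1 and totalShares = 1, so assetsPerShare(1) returns 1 although 5 assets were paid in; depositOnVaultCreationFixed(2, 5, true) leaves totalAssets = 5 and totalShares = 1, so assetsPerShare(2) returns 5. With isAtomWallet = false the fixed path still mints MIN_SHARE to the zero address without crediting any backing assets in this model, which is exactly the part of the accounting the final fix has to settle.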
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
- // set vault totals for the vault _setVaultTotals(id, vaults[id].totalAssets + totalDelta, vaults[id].totalShares + totalDelta);
+ // set vault totals for the vault _setVaultTotals(id, vaults[id].totalAssets + assets, vaults[id].totalShares + totalDelta);
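Review bot: the `+` line credits totalAssets with `assets` but leaves totalShares growing by totalDelta, which on the non-atom-wallet path includes sharesForZeroAddress (see the totalDelta expression quoted in the description); the revised line does not say where the assets backing those zero-address shares come from. Either state that they are carved out of `assets`, or add the corresponding asset amount to the totalAssets delta so that the share price right after creation is well defined on both paths. Also confirm that `assets`, which does not appear in the hunk's context, is the full deposited amount in scope of _depositOnVaultCreation and not a local already reduced by fees.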
Github username: --
Twitter username: --
Submission hash (on-chain): 0xc4f119a4045fa21a13f7f2a8d6f1c9796d5a179a87c0df0b70828b2b7460ecd1
Severity: high