Open hats-bug-reporter[bot] opened 1 week ago
The current design ensures that only the token amounts actually used are transferred, and the corresponding tokens are minted based on these amounts. The initial deposit sets the precedent for the value and weight distribution within the vault. Subsequent deposits are minted based on the ratio of tokens added to the vault at that time.
The potential for front-running as described is mitigated because each deposit transaction is handled independently, and tokens are minted proportionally to the token amounts deposited.
@deadrosesxyz
Yes, I was missing context at time of submission. Issue can be closed as invalid.
Github username: @@deadrosesxyz Twitter username: @deadrosesxyz Submission hash (on-chain): 0x797e6d7da8062bd6709f641c1525ba651d84eb2a8bfdfa372fd040686df84e71 Severity: medium
Description: Description\ First depositor can steal 2nd depositors money due to improper slippage protection
Attack Scenario\ The slippage protection is improper as it does not verify the received tokens have the needed value.
initialLiquidity
0.98 * initialLiquidity
initialLiquidity
.initialLiquidity
.Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)