After the deployment of the initial StableAsset contract, on the transition to the unpaused state prior to the protocol's first mint, there exists a possibility of a third-party to mint 2 wei of poolToken by depositing 1 wei of the tokens in the pool. This action enables the attacker to subsequently transfer a substantial amount of tokens to this StableAsset address and invoke the rebase function, thereby artificially inflating the exchange rate of poolToken and increasing its totalSupply. This could potentially block all the subsequent mints of lower amounts than the overinflated totalSupply value.
This issue is classified as medium due to the possibility to block protocol operations until the deployer intervenes by halting and redeploying the pools and poolToken.
After the deployment of the initial StableAsset contract, on the transition to the unpaused state prior to the protocol's first mint, there exists a possibility of a third-party to mint 2 wei of poolToken by depositing 1 wei of the tokens in the pool. This action enables the attacker to subsequently transfer a substantial amount of tokens to this StableAsset address and invoke the rebase function, thereby artificially inflating the exchange rate of poolToken and increasing its totalSupply. This could potentially block all the subsequent mints of lower amounts than the overinflated totalSupply value.
This issue is classified as medium due to the possibility to block protocol operations until the deployer intervenes by halting and redeploying the pools and poolToken.