Attacker can manipulate the pricePerShare to profit from future users' deposits
Summary
By manipulating and inflating the pricePerShare to a super high value, the attacker can cause all future depositors to lose a significant portion of their deposits to the attacker due to precision loss.
Vulnerability Detail
For example, in the DnGmxSeniorVault contract, a malicious early user can deposit() with 1 wei of USDC as the first depositor of the LToken, and get 1 wei of shares.
Then the attacker can send 10000e18 of aUSDC and inflate the price per share from 1.0000 to an extreme value of 1.0000e22 ( from (10000e18 ) / 1) .
As a result, the future user who deposits 9999e18 will only receive 0 (from 9999e18 * 1 / 10000e18) of shares token.
They will immediately lose all of their deposits.
Impact
The attacker can profit from future users' deposits. While the late users will lose part of their funds to the attacker.
Consider requiring a minimal amount of share tokens to be minted for the first minter, and send part of the initial mints as a permanent reserve to the DAO/treasury/deployer so that the pricePerShare can be more resistant to manipulation.
cccz
medium
Attacker can manipulate the pricePerShare to profit from future users' deposits
Summary
By manipulating and inflating the pricePerShare to a super high value, the attacker can cause all future depositors to lose a significant portion of their deposits to the attacker due to precision loss.
Vulnerability Detail
For example, in the DnGmxSeniorVault contract, a malicious early user can deposit() with 1 wei of USDC as the first depositor of the LToken, and get 1 wei of shares.
Then the attacker can send 10000e18 of aUSDC and inflate the price per share from 1.0000 to an extreme value of 1.0000e22 ( from (10000e18 ) / 1) .
As a result, the future user who deposits 9999e18 will only receive 0 (from 9999e18 * 1 / 10000e18) of shares token.
They will immediately lose all of their deposits.
Impact
The attacker can profit from future users' deposits. While the late users will lose part of their funds to the attacker.
Code Snippet
https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/ERC4626/ERC4626Upgradeable.sol#L59-L71 https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/ERC4626/ERC4626Upgradeable.sol#L192-L196 https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/ERC4626/ERC4626Upgradeable.sol#L273-L277 https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/vaults/DnGmxSeniorVault.sol#L370-L373
Tool used
Manual Review
Recommendation
Consider requiring a minimal amount of share tokens to be minted for the first minter, and send part of the initial mints as a permanent reserve to the DAO/treasury/deployer so that the pricePerShare can be more resistant to manipulation.
Duplicate of #37