sherlock-audit / 2024-01-napier-judging


Bandit - Share Inflation For Base LST Adapter #57

Closed sherlock-admin closed 7 months ago

sherlock-admin commented 7 months ago

Bandit

high

Share Inflation For Base LST Adapter

Summary

The well-known ERC4626 inflation attack works on the BaseLSTAdapter with minor adjustments.

Vulnerability Detail

The BaseLSTAdapter is a normal ERC4626 vault. The only defense is this line:

if (shares == 0) revert ZeroShares();

However, the inflation attack does not necessarily need to round down to 0. The attack can also be performed by rounding down from 2 to 1, as shown in this example:

Let the user's deposit liquidity amount be L.

This is the exact same attack as in the README here. Scroll down to "Frontrunning the first deposit may steal 1/4 of the deposit": https://github.com/ZeframLou/bunni/tree/main/src

Impact

First depositor can break minting of shares and also steal 1/4 of an initial deposit through frontrunning.

Code Snippet

https://github.com/sherlock-audit/2024-01-napier/blob/main/napier-v1/src/adapters/BaseLSTAdapter.sol#L8

Tool used

Manual Review

Recommendation

Note that an old version of OpenZeppelin's ERC4626 contracts was imported:

import {ERC4626} from "@openzeppelin/contracts@4.9.3/token/ERC20/extensions/ERC4626.sol";

OpenZeppelin contracts 5.0 has a built-in mitigation for the inflation attack using virtual shares, so import the 5.0 contracts instead of version 4.9.3.

Duplicate of #94
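
The arithmetic behind the report's point that the `shares == 0` guard does not cover a round-down from 2 to 1, as an added example (not part of the original issue, and not the Napier or OpenZeppelin source): a simplified Python model of ERC4626 floor-division share math, run once with plain conversion and once with a virtual-shares conversion of the kind the recommendation names. The `Vault` class, the `offset` parameter and the assumption that assets sent directly to the vault count toward total assets are illustrative.

```python
# Simplified ERC4626 share accounting, constructed for illustration.
# Not the BaseLSTAdapter source; all amounts are integer wei.
class Vault:
    def __init__(self, offset=None):
        self.assets = 0        # totalAssets
        self.supply = 0        # totalSupply
        self.offset = offset   # None: plain math; int: virtual shares (assumed parameter)

    def _rate(self):
        """Return the (supply, assets) pair used in conversions."""
        if self.offset is None:
            return self.supply, self.assets
        return self.supply + 10 ** self.offset, self.assets + 1

    def deposit(self, amount):
        supply, assets = self._rate()
        shares = amount if supply == 0 else amount * supply // assets
        if shares == 0:                      # the guard quoted in the report
            raise ValueError("ZeroShares")
        self.assets += amount
        self.supply += shares
        return shares

    def donate(self, amount):
        # Assumption: assets sent directly to the vault count toward totalAssets.
        self.assets += amount

    def redeem(self, shares):
        supply, assets = self._rate()
        out = shares * assets // supply
        self.assets -= out
        self.supply -= shares
        return out


def first_deposit_scenario(L, offset=None):
    """Return (second_depositor_shares, first_depositor_pnl, second_depositor_pnl)."""
    v = Vault(offset)
    first_shares = v.deposit(1)       # first depositor mints 1 share
    v.donate(L // 2)                  # share price becomes ~L/2 per share
    second_shares = v.deposit(L)      # rounds 2 -> 1 under plain math, guard passes
    first_out = v.redeem(first_shares)
    second_out = v.redeem(second_shares)
    return second_shares, first_out - (1 + L // 2), second_out - L


if __name__ == "__main__":
    L = 10 ** 18
    print("plain floor math:", first_deposit_scenario(L))
    print("virtual shares  :", first_deposit_scenario(L, offset=0))
```

With `L = 10**18`, plain math mints the second depositor 1 share and costs them about L/4, while the virtual-shares variant at offset 0 leaves the first depositor with a loss of about L/5.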

sherlock-admin commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: high(2)