Rouding error attack is possible Though dead shares have been transferred in Address(0)
Vulnerability Detail
The hacker back-runs a transaction of a new pair creation.
The hacker mints 1,000 shares: deposit(1000). Thus, totalAsset()==1000, totalSupply()==1000. Note that the balanceOf(hacker) == 0 and balanceOf(address(0)) == 1000 in this example.
The hacker front-runs the deposit of the victim who wants to deposit 20,000 USDT (20,000.000000).
The hacker inflates the denominator right in front of the victim: asset.transfer(20_000_000e6). Now totalAsset() == 20_000_000e6 + 1000, totalSupply() == 1000
Next, the victim's tx takes place. The victim gets 1000 * 20_000e6 / (20_000_000e6 + 1000) == 0 shares. The victim gets zero shares, losing their deposit to the pool.
Thus, the hacker burns any deposit of the victim, but spends a thousand times more money to do so.
Impact
Loss of the user funds although the attacker loss his funds
goluu
high
Attack Due To Rounding Error
Summary
Rouding error attack is possible Though dead shares have been transferred in Address(0)
Vulnerability Detail
Impact
Loss of the user funds although the attacker loss his funds
Code Snippet
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaPair.sol#L147
Tool used
Manual Review
Recommendation
Track transaction When new pair create.
Duplicate of #28