Initial depositor has to spend additional amount to mint MINIMUM_LIQUIDITY and it canot be withdrawn
Summary
Initial depositor in ArrakisMetaVaultPublic.sol has to spend MINIMUM_LIQUIDITY to mint shares and this MINIMUM_LIQUIDITY is reduced from his shares. And this amount is not able to withdrawn by the depositor.
Vulnerability Detail
The vulnerability lies in the mint function of ArrakisMetaVaultPublic contract
Here in the above code you can see the proportion is calculated wrongly before minting the MINIMUM_LIQUIDITY. At the time of deposting the propotion the totalSupply will be the MINIMUM_LIQUIDITY. So the prpotion should be calculated after minting the MINIMUM_LIQUIDITY.
And the minting of MINIMUM_LIQUIDITY is added in account of the initial depositor which is wrong mechanism this adds liabilities to the first depositor and propotion is calculated with 1 ether, which make the propostion too small if we comparing the propostion with the second depositor who minting the same shares.
Impact
The initial depositor has to spend additional amount to mint the MINIMUM_LIQUIDITY and its not possible to withdrawn this. And the prpotion is too small comparing to the futual deposits.
0xAadi
medium
Initial depositor has to spend additional amount to mint MINIMUM_LIQUIDITY and it canot be withdrawn
Summary
Initial depositor in
ArrakisMetaVaultPublic.sol
has to spend MINIMUM_LIQUIDITY to mint shares and this MINIMUM_LIQUIDITY is reduced from his shares. And this amount is not able to withdrawn by the depositor.Vulnerability Detail
The vulnerability lies in the
mint
function ofArrakisMetaVaultPublic
contracthttps://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisMetaVaultPublic.sol#L51C1-L74C6
Here in the above code you can see the proportion is calculated wrongly before minting the MINIMUM_LIQUIDITY. At the time of deposting the propotion the
totalSupply
will be the MINIMUM_LIQUIDITY. So the prpotion should be calculated after minting the MINIMUM_LIQUIDITY.And the minting of MINIMUM_LIQUIDITY is added in account of the initial depositor which is wrong mechanism this adds liabilities to the first depositor and propotion is calculated with 1 ether, which make the propostion too small if we comparing the propostion with the second depositor who minting the same shares.
Impact
The initial depositor has to spend additional amount to mint the MINIMUM_LIQUIDITY and its not possible to withdrawn this. And the prpotion is too small comparing to the futual deposits.
Code Snippet
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/ArrakisMetaVaultPublic.sol#L66C1-L66C51
Tool used
Manual Review
Recommendation
Update the code like the below snippet.