ArrakisMetaVault::mint Insufficient MINIMUM_LIQUIDITY Won’t Protect Against Vault Inflation Attack (Griefing)
Low/Info issue submitted by cergyk
Summary
The MINIMUM_LIQUIDITY constant is intended to serve as a mitigation against the “ERC-4626 share inflation” attack vector. However, its current value won’t be sufficient to protect against vault inflation attacks in the ArrakisMetaVault.
Vulnerability Detail
The MINIMUM_LIQUIDITY is set to a value of 10 ** 3, or 1000: CArrakis.sol#L4.
In the ArrakisMetaVaultPublic contract, the mint function allows users to mint shares of the vault position. When the total supply is zero, the function mints MINIMUM_LIQUIDITY to the zero address to set a base liquidity level: ArrakisMetaVaultPublic.sol#L64-L67.
This approach is supposed to prevent the value of vault tokens from being manipulated, but the low value of MINIMUM_LIQUIDITY could still allow for inflation of vault tokens.
An attacker can reduce the precision of the Vault permanently, for example by donating 1 ether directly to the vault:
Scenario
Vault USDC-DAI
totalSupply == 0 initially
Attacker mints 1 share
Attacker donates 1000 USDC and 1000 DAI to the pool
All subsequent deposits will perpetually lose one-thousandth of the amount donated by the attacker (1000 USDC in this case), because the shares minted to the zero address are inflated in value.
User deposits 1000 USDC and 1000 DAI and loses 1 USDC and 1 DAI due to precision loss.
Impact
An attacker can mount a permanent griefing attack on any public vault, causing all subsequent users to lose a small share of their deposit due to rounding.
Deploying a new public vault is the only solution, but there is a 2-day timelock after each vault deployment because the owner must call ValantisModule::setALMAndManagerFees through the timelock.
Tool used
Manual Review
Recommendation
Increase the MINIMUM_LIQUIDITY value to a more substantial amount to provide better protection against inflation attacks, such as 10 ** 6: CArrakis.sol#L4
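To see what the recommended change buys, the following added example (not Arrakis code, and not part of the original report) replays the scenario above in a simplified single-token share vault and compares MINIMUM_LIQUIDITY values of 10 ** 3 and 10 ** 6. The function names, the 6-decimal token, the initial price of 1 base unit per share and the round-down share calculation are assumptions made for illustration.

```python
# Added illustration: simplified single-token share vault, not the Arrakis contracts.
USDC = 10**6  # assumption: 6-decimal token, amounts are in base units


def poisoned_vault(minimum_liquidity, donation):
    """Vault state after the scenario: first mint of 1 share, then a direct donation."""
    # Assumption: the first mint is priced at 1 base unit per share.
    supply = 1 + minimum_liquidity   # 1 share to the first minter + shares locked at address(0)
    balance = supply + donation      # a donation adds tokens but mints no shares
    return supply, balance


def share_price(supply, balance):
    """Value of one share in base units: the granularity of every later mint."""
    return balance // supply


def deposit_loss(supply, balance, amount):
    """Base units a depositor cannot redeem when minted shares are rounded down."""
    shares = amount * supply // balance                       # rounded down
    redeemable = shares * (balance + amount) // (supply + shares)
    return amount - redeemable


def compare(donation=1000 * USDC, deposit=1000 * USDC):
    """Share price and rounding loss for the current and the recommended constant."""
    results = {}
    for minimum_liquidity in (10**3, 10**6):
        supply, balance = poisoned_vault(minimum_liquidity, donation)
        results[minimum_liquidity] = (
            share_price(supply, balance),
            deposit_loss(supply, balance, deposit),
        )
    return results


if __name__ == "__main__":
    for ml, (price, loss) in compare().items():
        print(f"MINIMUM_LIQUIDITY={ml}: one share = {price / USDC:.6f} tokens, "
              f"loss on a 1000-token deposit = {loss / USDC:.6f} tokens")
```

In this model the rounding loss on any deposit is bounded by roughly the value of one share, so raising the constant by a factor of 1000 shrinks the bound by about the same factor for the same donation.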