Vault inflation attack is still be possible

Summary

See details.

Vulnerability Detail

The stableCollateralPerShare function calculates the collateral per share for user . However , if the first user / first depositer calculates it he will be able to get 1 share by providing 10,000 wei . So next time when the another user calculates it the first depositor can inflate the _collateralPerShare for him . Lets analize what could be happen .

1) Lets say initially when totalSupply = 0. 2) User1 deposits 1 wei as _maxAge and gets 1e18 share = 1 share. 3) User2 ( innocent victim) enters and deposits 1 ether but user1 which is melicious front-runs user2. 4) After front-running user2 , user1 gets = 1 / 1 = 1 share. 5) Now totalSuppy = 2. 6) So user 2 will be getting due to rounding down = 1 / 2 = 0. 7) Finally user1 claims all his shares by executeWithdraw function .

Impact

First depositor is able to steal innocent victims share.

Code Snippet

https://github.com/sherlock-audit/2024-03-flat-money-fix-review-contest/blob/main/flatcoin-v1/src/StableModule.sol#L205C5-L216C6 https://github.com/sherlock-audit/2024-03-flat-money-fix-review-contest/blob/main/flatcoin-v1/src/StableModule.sol#L113

Tool used

Manual Review

Recommendation

Consider set first depositor while deployment .

sherlock-audit / 2024-03-flat-money-fix-review-contest-judging

Dudex_2004 - Vault inflation attack is still be possible #13