air_0x - The share allocation mechanism is vulnerable to front-running leading to an excessive share issuance for minimal initial contribution of 1 wei #94
air_0x
high
The share allocation mechanism is vulnerable to front-running leading to an excessive share issuance for minimal initial contribution of 1 wei
Summary
The share allocation mechanism is vulnerable to front-running. An attacker (Alice) can exploit this by providing minimal liquidity (1 wei) before other users deposit significant amounts. This initial minimal deposit leads to the attacker receiving an excessively large number of shares.
Vulnerability Detail
The vulnerability lies in the initial liquidity provision and share calculation. The share allocation does not account for very small deposits, leading to an excessive share issuance for minimal initial contributions.
The steps are as follows:
An attacker (Alice) makes an initial deposit of 1 wei of token0 and token1 to the vault.
Due to the way shares are calculated, the attacker (Alice) receives a disproportionately large number of shares for this minimal deposit.
A legitimate user subsequently deposits a significant amount (e.g., 100 units of token0 and token1).
The attacker, holding a disproportionately large number of shares, withdraws from the vault.
The attacker receives a substantial portion of the vault's funds, far exceeding their initial minimal deposit.
In the test suite, add the following helper deposit function:
Now the PoC
Impact
This will result in loss of legitimate users' funds. Legitimate users won't be able to withdraw their funds.
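A reviewer can check the step sequence above against a concrete share formula by comparing what each holder paid in with what their shares can redeem. The following is an added example, not the report author's PoC and not the Beefy contracts' code: it models a single asset with two assumed mint rules (a pro-rata rule and a hypothetical fixed-first-mint rule) and flags any holder whose claim differs from their deposit by more than rounding.

```python
# Added illustration: integer model of vault share accounting.
# Not the Beefy contracts' code; both mint rules are assumptions.

def mint_pro_rata(amount, total_shares, total_assets):
    """Shares proportional to value added; the first deposit mints 1:1."""
    if total_shares == 0:
        return amount
    return amount * total_shares // total_assets

def mint_fixed_first(amount, total_shares, total_assets):
    """Hypothetical flawed rule: the first deposit mints a fixed 1e18 shares
    whatever its size, and later deposits mint 1:1."""
    return 10**18 if total_shares == 0 else amount

def redeemable_after(mint, deposits):
    """Apply (holder, amount) deposits in order; return (paid, redeemable)."""
    total_shares = total_assets = 0
    shares, paid = {}, {}
    for holder, amount in deposits:
        minted = mint(amount, total_shares, total_assets)
        if minted == 0:
            raise ValueError(f"{holder}: deposit of {amount} mints zero shares")
        shares[holder] = shares.get(holder, 0) + minted
        paid[holder] = paid.get(holder, 0) + amount
        total_shares += minted
        total_assets += amount
    # Each holder's claim on the vault at the final share price (rounded down).
    redeemable = {h: s * total_assets // total_shares for h, s in shares.items()}
    return paid, redeemable

def unfair_holders(mint, deposits, tolerance=1):
    """Holders whose claim differs from what they paid by more than rounding."""
    paid, redeemable = redeemable_after(mint, deposits)
    return {h: redeemable[h] - paid[h] for h in paid
            if abs(redeemable[h] - paid[h]) > tolerance}

# Constructed sample input following the steps above (amounts in wei, one asset).
REPORT_SEQUENCE = [("alice", 1), ("bob", 100 * 10**18)]

if __name__ == "__main__":
    for rule in (mint_pro_rata, mint_fixed_first):
        print(rule.__name__, unfair_holders(rule, REPORT_SEQUENCE))
```

Under the assumed pro-rata rule the 1 wei depositor's claim stays at 1 wei; under the hypothetical fixed-first-mint rule it grows at the second depositor's expense, which is the behaviour the steps describe.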
Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L28
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/vault/BeefyVaultConcLiq.sol#L16
Tool used
Manual Review
Recommendation