Closed sherlock-admin3 closed 2 months ago
Escalate.
Not a dupe of #26, but rather dupe of the 4626 inflation attack, which has been mentioned in a few other issues
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
This is a known issue. Check this from the previous report: https://github.com/sentimentxyz/protocol-v2/blob/master/audits/sentiment_v2_zobront.md#m-02-erc4626-is-vulnerable-to-donation-attacks
According to the readme:
Previously acknowledged issues from past audits must be considered acceptable risks.
Planning to reject the escalation and leave the issue as is.
Result: Invalid Duplicate of #26
ajayss
Medium
initial depositor will use inflation attack of ERC4626 to steal subsequent deposit assets
Summary
The initial deposit problem of ERC4626 allows the first depositor to deposit 1 asset to get 1 share. Then a victim's transaction is seen in the mempool and front-run with a transfer transaction to increase the totalAssets amount such that the victim gets one share.
After the victim deposits his assets, the attacker withdraws his share, netting his asset and the victim's assets.
Root Cause
In Pool.sol:310
The case of inflation attacks hasn't been dealt with. For example, Uniswap sends the first 1000 shares to the zero address. https://github.com/sherlock-audit/2024-08-sentiment-v2/blob/main/protocol-v2/src/Pool.sol#L315
Internal pre-conditions
deposit
to get 1 share
1 share
withdraws
his share and nets a decent chunk of the victim's assets
External pre-conditions
None
Attack Path
Impact
No response
PoC
No response
Mitigation
Any of the popular defenses https://blog.openzeppelin.com/a-novel-defense-against-erc4626-inflation-attacks
Duplicate of #26
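The rounding behind the report, and the effect of the virtual-shares defense described in the linked OpenZeppelin post, can be checked with a small integer model. This is an added example, not code from Pool.sol or the report; the `Vault` class, the `scenario` helper and all amounts are constructed for illustration.

```python
# Added model (not Pool.sol): integer share accounting for an ERC4626-style vault.
# offset=None -> naive conversion; offset=k -> 10**k virtual shares plus
# 1 virtual asset in every conversion (virtual-shares / decimals-offset defense).

class Vault:
    def __init__(self, offset=None):
        self.offset = offset
        self.total_assets = 0
        self.total_shares = 0
        self.shares = {}

    def _virtual(self):
        # (virtual shares, virtual assets) added to both sides of the ratio
        return (0, 0) if self.offset is None else (10 ** self.offset, 1)

    def deposit(self, who, assets):
        vs, va = self._virtual()
        if self.offset is None and self.total_shares == 0:
            minted = assets  # empty naive vault: 1 asset -> 1 share
        else:
            # integer division rounds down, in the vault's favour
            minted = assets * (self.total_shares + vs) // (self.total_assets + va)
        self.total_assets += assets
        self.total_shares += minted
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def donate(self, assets):
        # direct token transfer: raises total_assets, mints no shares
        self.total_assets += assets

    def redeem_all(self, who):
        vs, va = self._virtual()
        s = self.shares.pop(who, 0)
        out = s * (self.total_assets + va) // (self.total_shares + vs)
        self.total_assets -= out
        self.total_shares -= s
        return out

def scenario(offset, first=1, donation=10_000, victim_deposit=20_000):
    """Replay the sequence from the Summary; amounts are constructed samples."""
    v = Vault(offset)
    v.deposit("first", first)
    v.donate(donation)
    victim_shares = v.deposit("victim", victim_deposit)
    first_out = v.redeem_all("first")
    victim_out = v.redeem_all("victim")
    return {"victim_shares": victim_shares,
            "first_pnl": first_out - first - donation,
            "victim_pnl": victim_out - victim_deposit}
```

With the naive conversion the second depositor's 20,000 assets round down to a single share; with an offset of 3 the same sequence costs the first depositor 5,000 and the second depositor 1.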