First depositor of the pool can break minting of the Bath Token shares
An attacker -who is the first one to deposit- sends 1 wei and bypasses (totalSupply == 0) condition.
Later a very large amount of donation to the pool and inflates the shares proportionality ratio.
Subsequent depositors instead have to deposit an equivalent sum to avoid minting 0 shares. Otherwise, their deposits accrue to the attacker who holds the only share.
function _deposit(uint256 assets, address receiver)
internal
returns (uint256 shares)
{
uint256 _pool = underlyingBalance();
uint256 _before = underlyingToken.balanceOf(address(this));
// **Assume caller is depositor**
underlyingToken.transferFrom(msg.sender, address(this), assets);
uint256 _after = underlyingToken.balanceOf(address(this));
assets = _after.sub(_before); // Additional check for deflationary tokens
(totalSupply == 0) ? shares = assets : shares = (
assets.mul(totalSupply)
).div(_pool);
// Send shares to designated target
_mint(receiver, shares);
emit LogDeposit(
assets,
underlyingToken,
shares,
msg.sender,
underlyingBalance(),
outstandingAmount,
totalSupply
);
emit Deposit(msg.sender, msg.sender, assets, shares);
}
Manual Review
Ensure the number of shares to be minted is non-zero
Uniswap V2 solved this problem by sending the first 1000 LP tokens to the zero address. The same can be done in this case i.e. when totalSupply() == 0, send the first min liquidity LP tokens to the zero address to enable share dilution.
The text was updated successfully, but these errors were encountered:
All reactions