Code4rena: CODE423N4:2022-05-RUBICON-FINDINGS-ISSUES-412
May 28, 2022 - 12:00 a.m.

First pool depositor can break minting of shares


Lines of code

Vulnerability details

Impact

The first depositor of the pool can break minting of the Bath Token shares.

Proof of Concept

  • An attacker who is the first to deposit sends 1 wei and bypasses the (totalSupply == 0) condition.

  • The attacker later donates a very large amount to the pool, which inflates the share proportionality ratio.

  • Subsequent depositors then have to deposit an equivalent sum to avoid minting 0 shares. Otherwise, their deposits accrue to the attacker, who holds the only share.

    function _deposit(uint256 assets, address receiver)
        internal
        returns (uint256 shares)
    {
        uint256 _pool = underlyingBalance();
        uint256 _before = underlyingToken.balanceOf(address(this));

        // **Assume caller is depositor**
        underlyingToken.transferFrom(msg.sender, address(this), assets);
        uint256 _after = underlyingToken.balanceOf(address(this));
        assets = _after.sub(_before); // Additional check for deflationary tokens

        (totalSupply == 0) ? shares = assets : shares = (
            assets.mul(totalSupply)
        ).div(_pool);

        // Send shares to designated target
        _mint(receiver, shares);
        emit LogDeposit(
            assets,
            underlyingToken,
            shares,
            msg.sender,
            underlyingBalance(),
            outstandingAmount,
            totalSupply
        );
        emit Deposit(msg.sender, msg.sender, assets, shares);
    }
    

<https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/rubiconPools/BathToken.sol#L557-L585>

Tools Used

Manual Review

Recommended Mitigation Steps

Ensure the number of shares to be minted is non-zero.

Uniswap V2 solved this problem by sending the first 1000 LP tokens to the zero address. The same can be done in this case: when totalSupply() == 0, send the first minimum-liquidity LP tokens to the zero address to enable share dilution.
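The share arithmetic from the proof of concept and both recommended mitigations, as an added Python integer model (not code from the Rubicon contracts or from the original report). It assumes `underlyingBalance()` equals the pool's token balance; `Pool`, `scenario`, the `"0x0"` holder and all amounts are constructed for illustration.

```python
MINIMUM_LIQUIDITY = 1000  # Uniswap V2's locked amount, as cited in the mitigation


class Pool:
    """Tracks only what the share formula reads: pool balance and share supply."""

    def __init__(self, hardened=False):
        self.hardened = hardened
        self.balance = 0        # stands in for underlyingBalance() (assumption)
        self.total_supply = 0   # totalSupply
        self.shares = {}        # holder -> shares

    def deposit(self, who, assets):
        if self.total_supply == 0:
            minted = assets
            if self.hardened:
                # Lock the first MINIMUM_LIQUIDITY shares at the zero address.
                if assets <= MINIMUM_LIQUIDITY:
                    raise ValueError("first deposit too small")  # models a revert
                self._mint("0x0", MINIMUM_LIQUIDITY)
                minted = assets - MINIMUM_LIQUIDITY
        else:
            # Solidity division truncates, like // on non-negative ints.
            minted = assets * self.total_supply // self.balance
        if self.hardened and minted == 0:
            raise ValueError("zero shares minted")  # models a revert
        self.balance += assets
        self._mint(who, minted)
        return minted

    def _mint(self, who, amount):
        self.shares[who] = self.shares.get(who, 0) + amount
        self.total_supply += amount

    def donate(self, assets):
        self.balance += assets  # direct transfer: balance grows, supply does not

    def redeemable(self, who):
        return self.shares.get(who, 0) * self.balance // self.total_supply


def scenario(hardened, first=1, donation=10**18, victim=10**17):
    """Constructed run: small first deposit, donation, then a later deposit."""
    pool = Pool(hardened)
    pool.deposit("first", first)
    pool.donate(donation)
    minted = pool.deposit("victim", victim)
    return minted, pool.redeemable("first"), pool.redeemable("victim")
```

In the unhardened run the later depositor receives 0 shares and the whole balance is redeemable by the first depositor; with the locked minimum liquidity, the same donation costs the first depositor more than it captures.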

