Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-07-BASIN-FINDINGS-ISSUES-241
HistoryJul 10, 2023 - 12:00 a.m.

First liquidity provider can break minting of shares

2023-07-1000:00:00
Code4rena
github.com
7
vulnerability
impact
proof of concept
attack vector
proof of concept
exploit
tokens
liquidity
contract
revert
underflow
lp token
reserves
manual review
mitigation
calculation
math
JSON

Lines of code

Vulnerability details

Impact

The attack vector and impact is that users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”.

Proof of Concept

The attack vector and impact is that users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”.

An attacker can exploit using these steps:

  1. Create and add 1 wei tokens to liquidity. At this moment, attacker is minted 1 wei LP token.

  2. Transfer large amount of tokens directly to the contract, such as 1e9. Since no new LP token is minted, 1 wei LP token worths 1e9 reserve tokens.

  3. Normal users add liquidity to pool will revert, because of subtraction underflow if they add less than 1e9 reserve tokens.

       lpAmountOut =
       _calcLpTokenSupply(wellFunction(), reserves) -
       totalSupply();

<https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L460-L491&gt;
<https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L392-L399&gt;

Tools Used

Manual Review

Recommended Mitigation Steps

You can use different approach of the lpAmountOut calculation

Assessed type

Math

The text was updated successfully, but these errors were encountered:

All reactions

JSON