The attack vector and impact is that users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”.
The attack vector and impact is that users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”.
An attacker can exploit using these steps:
Create and add 1 wei tokens to liquidity. At this moment, attacker is minted 1 wei LP token.
Transfer large amount of tokens directly to the contract, such as 1e9. Since no new LP token is minted, 1 wei LP token worths 1e9 reserve tokens.
Normal users add liquidity to pool will revert, because of subtraction underflow if they add less than 1e9 reserve tokens.
lpAmountOut =
_calcLpTokenSupply(wellFunction(), reserves) -
totalSupply();
<https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L460-L491>
<https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L392-L399>
Manual Review
You can use different approach of the lpAmountOut calculation
Math
The text was updated successfully, but these errors were encountered:
All reactions