64 matches found
Loss of funds on deposit when totalShares > 0 && priorTokenBalance == 0
Lines of code Vulnerability details Impact Withdrawing one's shares may return far less tokens than one deposited. Proof of Concept Shares returned when depositing is calculated in StrategyBase.deposit as if totalShares == 0 newShares = amount; else uint256 priorTokenBalance = tokenBalance -...
Upgraded Q -> 2 from #92 [1677633054022]
Judge has assessed an item in Issue 92 as 2 risk. The relevant finding follows: L-09 ERC4626 does not work with fee-on-transfer tokens Description The ERC4626 deposit/mint functions do not work well with fee-on-transfer tokens as the assets variable is the pre-fee amount, including the fee, where...
Upgraded Q -> 2 from #356 [1677633435546]
Judge has assessed an item in Issue 356 as 2 risk. The relevant finding follows: L-01 ERC4626 does not work with fee-on-transfer tokens in project Impact ERC20 token contract can be deposited with the deposit function. With the following part of the code, the ERC20 transfer from msg.sender to the...
FIRST ERC4626 DEPOSIT CAN BE EXPLOITED ON SHARE CALCULATION
Lines of code Vulnerability details Impact As also encountered by Uniswap V2 and other protocols, the first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing as low as 1 wei of liquidity prior to deliberately inflating ERC4626.totalAssets to as high as 1:1e18...
First depositor can break minting of shares
Lines of code Vulnerability details Vulnerability details The calculation of exchange rate for shares in Popcorn Vault is done by dividing the total supply of shares by the totalAssets of the vault. The first depositor can mint a very small number of shares, then donate to the vault to manipulate...
ERC4626 vault shares can be maliciously inflated
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The price of ERC4626 vault shares can be maliciously inflated during the first deposit, leading to the loss of assets for next depositors Proof of Concept Provide direct links to all referenced code in...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact ERC4626 vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept The first depositor of an ERC4626 vault can maliciously manipulate the share price by...
Manipulate the price per share value and unfair share of future users' deposits'
Lines of code Vulnerability details Impact Most of the share based vault implementation will face this issue. The vault is based on the ERC4626 where the shares are calculated based on the deposit value. By depositing large amount as initial deposit, initial depositor can influence the future...
FIRST ERC4626 DEPOSIT CAN BE EXPLOITED ON SHARE CALCULATION
Lines of code Vulnerability details Impact This is a common attack vector involving shares based liquidity pool contracts. An early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share. Note:...
ERC4626Cloned deposit and mint logic differ on first deposit
Lines of code Vulnerability details The ERC4626Cloned contract is an implementation of the ERC4626 used for vaults. The standard contains a deposit function to deposit a specific amount of the underlying asset, and a mint function that will calculate the amount needed of the underlying token to...
Inconsistent min deposit
Lines of code Vulnerability details Impact The first transfer in a vault that is based on ERC4626Cloned produces different results depending on whether it is done via deposit or via mint. While first deposit produces a number of shares that is 1:1 with the asset, in the case of mint, the results...
User can lose 10 ethers to Vault
Lines of code Vulnerability details Impact If a user or a contract that has a large allowance 10 ethers or max on an ERC4626Cloned based Vault that has not yet received any deposits, calls mint with 0 share argument, will have a 10 ethers of the asset transferred to the Vault with no way to recla...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact The first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing the lowest possible amount 1 wei of liquidity and then artificially inflating ERC4626.totalAssets. This can inflate the base share price as high as 1:1e18...
FIRST DEPOSIT CAN BREAK SHARE CALCULATIONS
Lines of code Vulnerability details Impact Future depositors are forced to pay a huge value of assets to deposit. It is not practically possible for all users. This could directly affect the attrition of users towards this system. Proof of Concept A well-known attack vector for almost all...
Underlying assets stealing in token via share price manipulation
Lines of code Vulnerability details Impact asset can be stolen from depositors in the vault by manipulating the price of a share. Proof of Concept ERC4626 vaults are subject to a share price manipulation attack that allows an attacker to steal underlying tokens from other depositors this is a kno...
TokenggAVAX share price manipulation
Lines of code Vulnerability details Impact Reporting this issue as medium severity as a leak of value. Solmate's ERC4626 convertToShares calculates shares as assets totalSupply / totalAssets. It is possible to exploit this function by depositing 1 wei of asset in exchange 1 share totalSupply = 1...
Increase in ERC4626 shares due to inflation
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A bad actor can exploit the Vault by depositing a small amount of asset tokens 1 wei and receiving 1 wei of shares tokens. The attacker can then send a large amount of asset tokens 10000e18 - 1 to infla...
Protocol is not able to account for baseTokens generating yield
Lines of code Vulnerability details Impact The protocol's logic is based on the assumption that, while deposited, the underlying baseTokens will generate yield, which accrues to the Traders holding Collateral Tokens. However, there is no mechanism in Collateral.sol to allow it to account for this...
AutoPxGlp and AutoPxGmx are not compliant with ERC4626 standard
Lines of code Vulnerability details Proof of Concept In both contracts, the previewWithdraw function has the same body // Calculate shares based on the specified assets' proportion of the pool uint256 shares = convertToSharesassets; // Save 1 SLOAD uint256 totalSupply = totalSupply; // Factor in...
First depositer can break Vault share distributions
Lines of code Vulnerability details The calculation of exchange rate for shares in PirexERC4626 Vault is done by dividing the total supply of shares by the totalAssets of the vault. The first depositor can mint a very small number of shares, then donate to the vault to manipulate the share price...