BathToken.sol A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits

Lines of code Vulnerability details function deposituint256 assets, address receiver internal returns uint256 shares uint256 pool = underlyingBalance; uint256 before = underlyingToken.balanceOfaddressthis; // Assume caller is depositor underlyingToken.transferFrommsg.sender, addressthis, assets;...

[WP-H1] The value of LP token can be manipulated by the first minister, which allows the attacker to dilute future liquidity providers' shares

Handle WatchPug Vulnerability details For the first minter of an Exchange pool, the ratio of X/Y and the totalSupply of the LP token can be manipulated. A sophisticated attacker can mint and burn all of the LP tokens but 1 Wei, and then artificially create a situation of rebasing up by transferri...