BathToken.sol A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits

Lines of code Vulnerability details function deposituint256 assets, address receiver internal returns uint256 shares uint256 pool = underlyingBalance; uint256 before = underlyingToken.balanceOfaddressthis; // Assume caller is depositor underlyingToken.transferFrommsg.sender, addressthis, assets;...