inital share manipulation attack possible in Vault

Lines of code Vulnerability details Description This is the classic share inflation attack described here: The popcorn Vault is an abstraction on top of other vaults which acts like adapters to wrap other yield bearing protocols. Hence the asset in Vault are the shares in this adapter. An early...

FIRST ERC4626 DEPOSIT CAN BE EXPLOITED ON SHARE CALCULATION

Lines of code Vulnerability details Impact As also encountered by Uniswap V2 and other protocols, the first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing as low as 1 wei of liquidity prior to deliberately inflating ERC4626.totalAssets to as high as 1:1e18...

[NAZ-H1] First depositor can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated. Proof of Concept In SemiFungibleVault.solL143, the allocation of shares is...

First pool depositor can break minting of shares

Lines of code Vulnerability details Impact First depositor of the pool can break minting of the Bath Token shares Proof of Concept An attacker -who is the first one to deposit- sends 1 wei and bypasses totalSupply == 0 condition. Later a very large amount of donation to the pool and inflates the...

First depositor can break minting of shares

Lines of code Vulnerability details Details The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept Attacker deposits 2 wei so that it i...