25 matches found
DepositPool is susceptible to the inflation attack
Lines of code Vulnerability details Summary The DepositPool contract is susceptible to the Inflation Attack, in which the first depositor can be front-runned by an attacker to steal their deposit. Impact The DepositPool pool contract acts mainly as a vault: accounts deposit LST assets and get bac...
Taking deposits hostage
Lines of code Vulnerability details Impact An initial attacker can gain the power to hold subsequent deposits into StakedUSDeV2 hostage, and release them at will e.g. for a ransom. Proof of concept The checkMinShares requirement called after any withdrawal and deposit function checkMinShares...
Upgraded Q -> 2 from #2037 [1698131784473]
Judge has assessed an item in Issue 2037 as 2 risk. The relevant finding follows: Lā01 Early users can modify the underlying assetsā unit share price Summary: ERC4626, an extension of ERC20, is a standard that is mostly used in yield-bearing tokens. The contract of an ERC4626 token itself is an...
Using _freefunds() to calculate share price lead to shares miscalculations and could benefit treasury
Lines of code Vulnerability details Impact Function freeFunds calculates the amount of free funds available after profit locking and it's used to for calculating share price, issuing shares during deposit, or burning shares during withdrawal. Value returned by freeFunds is time-dependant, because...
First deposit can break share calculation
Lines of code Vulnerability details Impact Vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept 147: shares = convertToSharesassets - feeShares; If feeShares = 0 the first depositor of Vault can...
A malicious early user/attacker can manipulate the share price to take an unfair share of future users' deposits
Lines of code Vulnerability details Impact A malicious early user/attacker can manipulate the share price to take an unfair share of future users' deposits. The first minter can manipulate the supply of LP tokens and baseToken-fractional ratio, hindering small liquidity providers from interacting...
First depositer exploit can break share calculation
Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact The first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing the lowest possible amount 1 wei of liquidity and then artificially inflating ERC4626.totalAssets. This can inflate the base share price as high as 1:1e18...
FIRST ERC4626 DEPOSIT CAN BE EXPLOITED ON SHARE CALCULATION
Lines of code Vulnerability details Impact This is a common attack vector involving shares based liquidity pool contracts. An early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share. Note:...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact ERC4626 vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept The first depositor of an ERC4626 vault can maliciously manipulate the share price by...
TokenggAVAX share price manipulation
Lines of code Vulnerability details Impact Reporting this issue as medium severity as a leak of value. Solmate's ERC4626 convertToShares calculates shares as assets totalSupply / totalAssets. It is possible to exploit this function by depositing 1 wei of asset in exchange 1 share totalSupply = 1...
[NAZ-M2] First ERC4626Upgradeable Deposit Exploit Can Break Share Calculation
Lines of code Vulnerability details Impact ERC4626Upgradeable is an upgradeable version of Solmate's ERC4626 Token. Solmate's convertToShares function follow the formula: assetDepositAmount totalShareSupply / assetBalanceBeforeDeposit. The share price always return 1:1 with asset token. If...
FIRST DEPOSIT CAN BREAK SHARE CALCULATIONS
Lines of code Vulnerability details Impact Future depositors are forced to pay a huge value of assets to deposit. It is not practically possible for all users. This could directly affect the attrition of users towards this system. Proof of Concept A well-known attack vector for almost all...
Underlying assets stealing in token via share price manipulation
Lines of code Vulnerability details Impact asset can be stolen from depositors in the vault by manipulating the price of a share. Proof of Concept ERC4626 vaults are subject to a share price manipulation attack that allows an attacker to steal underlying tokens from other depositors this is a kno...
First depositor can break the price of shares
Lines of code Vulnerability details Impact The first depositor of the pool can wreck up the price of the shares for the future depositors mostly as the pair launches because of the rounding. Proof of Concept 1. Bob wraps 1 NFT deposits and received 1e18 denominations of fractionalTokens 2. Bob...
First depositor who is a whale account can deny later depositors who are smaller accounts from using AutoPxGmx contract, such as for depositing GMX for apxGMX
Lines of code Vulnerability details Impact A whale account that owns a lot of GMX can call the following PirexGmx.depositGmx function to deposit much GMX for pxGMX. As the first depositor for the AutoPxGmx contract, this account can then call the AutoPxGmx.depositGmx function to deposit 1 wei GMX...
Underlying assets stealing in AutoPxGmx and AutoPxGlp via share price manipulation
Lines of code Vulnerability details Impact pxGMX and pxGLP tokens can be stolen from depositors in AutoPxGmx and AutoPxGlp vaults by manipulating the price of a share. Proof of Concept ERC4626 vaults are subject to a share price manipulation attack that allows an attacker to steal underlying toke...
First depositor can inflate share price
Lines of code Vulnerability details Impact A well-known vulnerability for ERC4626 vaults is the inflation of the share price on the first deposit. Because AutoPxGlp and AutoPxGmx use the balance of the underlying asset for totalAssets and do not have an initial minimum deposit amount, they are al...
BathToken with initial liquidity of 1 wei causes very expensive share price leading to precision errors and loss of funds
Lines of code Vulnerability details Impact The creator of a new BathToken is able to maliciously manipulate the share price by providing lowest possible amount 1 wei of liquidity initialLiquidityNew and then artificially blowing up the BathToken token balance. Following depositors will loose thei...
Initial supplyTokenTo() with _depositAmount=1 wei causes expensive share price
Lines of code Vulnerability details Impact The first depositor into the yield source is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the token balance. Following depositors will have to supply a larger amount of...