first depositor of the insurance fund can drain the other depositors #116
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate
This issue or pull request already exists
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/InsuranceFund.sol#L39
Vulnerability details
in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero.
Proof of Concept
Alice is the first one to deposit to the insurance fund.
she deposits 1 basic unit of vusd (10**-6 dollar), therefore minting one share.
then she transferred 1 million vusd to the contract.
then bob deposits 500,000 vusd. (500000 * 10**6 basic units)
the amount of shares he gets is 500000 * 10**6 * 1 / (1000000* 10**6) = 0
therefore the number of shares didn't change but the balance increased by 500000 dollars.
Alice can now withdraw her share and receive her funds back together with bob funds, as he doesn't have any shares.
Recommended Mitigation Steps
change to:
The text was updated successfully, but these errors were encountered: