First xERC4626 deposit exploit can break share calculation #66
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
Lines of code
https://github.com/Rari-Capital/solmate/blob/12421e3edee21cfb99bf5a6edd6169e6497511de/src/mixins/ERC4626.sol#L133
Vulnerability details
The Solmate `convertToShares` function follows the formula: `assetDepositAmount * totalShareSupply / assetBalanceBeforeDeposit`.
The share price always returns 1:1 with the asset token. If everything works normally, the share price will slowly increase over time to 1:2 or 1:10 as more rewards come in.
But right after xERC4626 contract creation, during the first cycle, any user can deposit 1 share to set `totalSupply = 1`, and transfer tokens to the vault to inflate `totalAssets()` before rewards kick in. (Basically, they pretend to be the rewards themselves before anyone else can deposit, to get a much better share price.) This can inflate the base share price as high as 1:1e18 early on, which forces all subsequent deposits to use this share price as the base.
Impact
The share price of a new xERC4626 vault can be manipulated right after creation.
This gives the early depositor a greater share portion of the vault during the first cycle.
Deposited tokens are also affected by rounding precision (due to the exploit above), which always returns a lesser amount of shares to the user.
POC
Add this code to the `xERC4626Test.t.sol` file to test.
Log Result:
Mitigate Recommendation
This exploit is unique to contracts similar to ERC4626. It only works if the starting supply equals 0 or a very small number and the rewards cycle is very short, or if everyone withdraws and the total share supply becomes 0.
This can be easily fixed by making sure someone always deposits first, so that `totalSupply` becomes high enough that this exploit becomes irrelevant, unless, in the unlikely case, someone has made an arbitrage bot watching the vault factory contract. As a last resort, just force an early token deposit during vault construction.
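An added numeric model (not from the original issue or from Solmate) of the share formula above, comparing a later depositor's rounding loss with and without the forced construction-time deposit recommended here. The `Vault` class, `donate`, `later_depositor_loss` and all amounts are constructed, and the model assumes directly transferred tokens count toward `totalAssets()` immediately.

```python
# Constructed model of the share math described on this page; not Solmate or xERC4626 code.
# Assumption: tokens sent directly to the vault count toward totalAssets() immediately.

class Vault:
    def __init__(self, seed_assets=0):
        self.total_supply = 0  # shares outstanding
        self.total_assets = 0  # asset tokens backing those shares
        if seed_assets:
            # Mitigation from the report: force a deposit during construction.
            self.deposit(seed_assets)

    def convert_to_shares(self, assets):
        # assetDepositAmount * totalShareSupply / assetBalanceBeforeDeposit, rounded down
        if self.total_supply == 0:
            return assets  # empty vault: 1:1
        return assets * self.total_supply // self.total_assets

    def deposit(self, assets):
        shares = self.convert_to_shares(assets)
        if shares == 0:
            raise ValueError("deposit rounds down to zero shares")
        self.total_supply += shares
        self.total_assets += assets
        return shares

    def donate(self, assets):
        # Direct transfer: assets grow, share supply does not.
        self.total_assets += assets

    def convert_to_assets(self, shares):
        return shares * self.total_assets // self.total_supply


def later_depositor_loss(seed_assets, donation, deposit):
    """Asset units a later depositor loses to rounding after a 1-share first deposit."""
    vault = Vault(seed_assets)
    vault.deposit(1)
    vault.donate(donation)
    shares = vault.deposit(deposit)
    return deposit - vault.convert_to_assets(shares)


if __name__ == "__main__":
    WAD = 10**18
    for seed in (0, WAD):
        loss = later_depositor_loss(seed, WAD - 1, 19 * WAD // 10)
        print(f"seed={seed}: later depositor loses {loss} units")
```

With no seed, a 1.9e18 deposit into the 1:1e18 vault mints a single share and loses 0.45e18 to rounding; with a 1e18 seed deposit the same sequence loses 1 unit.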