This repository has been archived by the owner on Sep 3, 2023. It is now read-only.
0x52 - First depositor can abuse exchange rate to steal funds from later depositors #125
Labels
Has Duplicates: A valid issue with 1+ other issues describing the same vulnerability
High: A valid High severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid
Will Fix: The sponsor confirmed this issue will be fixed
Comments
github-actions (bot) added the Has Duplicates and High labels on Mar 10, 2023
GG. We left this one intentionally. Glad to see this many duplicates.
0xMoaz added the Will Fix and Sponsor Confirmed labels on Mar 12, 2023
Fixed
Fix looks good. First deposit now creates a minimum liquidity that makes advantageous manipulation nearly impossible.
0x52
medium
First depositor can abuse exchange rate to steal funds from later depositors
Summary
Classic issue with vaults. First depositor can deposit a single wei then donate to the vault to greatly inflate share ratio. Due to truncation when converting to shares this can be used to steal funds from later depositors.
Vulnerability Detail
See summary.
Impact
First depositor can steal funds due to truncation
Code Snippet
https://github.com/sherlock-audit/2023-02-surge/blob/main/surge-protocol-v1/src/Pool.sol#L307-L343
Tool used
Solidity YouTube Tutorial
Recommendation
Either during creation of the vault or for the first depositor, lock a small amount of the deposit to avoid this.
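The truncation described in the Summary and the minimum-liquidity lock mentioned in the fix review, as an added Python model; it is not code from this issue or from Surge's Pool.sol. The `Vault` class, its method names and `MIN_LIQUIDITY = 1000` are assumptions made for illustration, and all amounts are constructed.

```python
# Added illustration: a generic share-accounting model, not Surge's Pool.sol.
MIN_LIQUIDITY = 1000  # assumed lock size; the page does not state the value used in the fix


class Vault:
    def __init__(self, min_liquidity=0):
        self.assets = 0          # tokens held by the vault
        self.supply = 0          # total shares, including any locked ones
        self.shares = {}         # holder -> shares
        self.min_liquidity = min_liquidity

    def deposit(self, who, amount):
        if self.supply == 0:
            # First deposit: 1 share per token, with min_liquidity shares locked forever.
            if amount <= self.min_liquidity:
                raise ValueError("first deposit must exceed the locked minimum")
            self.supply = self.min_liquidity
            minted = amount - self.min_liquidity
        else:
            # Integer division truncates, as in Solidity.
            minted = amount * self.supply // self.assets
        self.assets += amount
        self.supply += minted
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def donate(self, amount):
        # Tokens sent directly to the vault: assets grow, share supply does not.
        self.assets += amount

    def value_of(self, who):
        return self.shares.get(who, 0) * self.assets // self.supply


def simulate(min_liquidity, first_deposit, donation, later_deposit):
    v = Vault(min_liquidity)
    v.deposit("first", first_deposit)
    v.donate(donation)
    later_shares = v.deposit("later", later_deposit)
    return {
        "later_shares": later_shares,
        "later_value": v.value_of("later"),
        "first_profit": v.value_of("first") - first_deposit - donation,
    }


if __name__ == "__main__":
    ONE = 10**18  # constructed amounts, 18-decimal token
    print("no lock  :", simulate(0, 1, ONE, ONE))
    print("with lock:", simulate(MIN_LIQUIDITY, MIN_LIQUIDITY + 1, ONE, ONE))
```

Without the lock the later depositor is minted zero shares for a full deposit; with it, the same donation costs the first depositor far more than it returns and the later depositor keeps over 99% of the deposit.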