Breeje - First Depositor Attack Vulnerability

[github-actions]

Breeje

high

First Depositor Attack Vulnerability

Summary

Most of the share based vault type implementation faces this issue.
The Pool is inspired from ERC4626 where the shares (Pool Tokens) are calculated based on the deposit value.
By depositing large amount as initial deposit, initial depositor can influence the future depositors value and can steal the funds too.

Vulnerability Detail

Problems with the code:

1. Integer division negatively affect the user.
2. Can be manipulated to cause a large loss, specifically for first victim.

Consider the following situation:

1. Attacker deposits 1 wei of LT (Loan Token).
2. Next, Attacker transfers 100 LT to the contract.
3. Victim deposits 200 LT.
4. Attacker withdraws 1 share.

Have a look at this table to understand the complete PoC:

	Before	Before		After	After
Tx	totalSupply	balanceOf	sharesGiven	totalSupply	balanceOf
BeforeAttacker deposits 1 wei of LT.	0	0	1	1	1
Attacker transfers 100 WETH to the contract.	1	1	N/A	1	1 + 100 x 10^18
Victim deposits 200 WETH.	1	1 + 100 x 10^18	=1.99 = 1	2	1 + 300 x 10^18
Attacker withdraws 1 share.	2	1 + 300 x 10^18	N/A	1	1 + 150 x 10^18

Impact

It can lead to some part of Fund getting stolen from First Depositor.

Code Snippet

File: Pool.sol

    function tokenToShares (uint _tokenAmount, uint _supplied, uint _sharesTotalSupply, bool roundUpCheck) internal pure returns (uint) {
        if(_supplied == 0) return _tokenAmount;
        uint shares = _tokenAmount * _sharesTotalSupply / _supplied;
        if(roundUpCheck && shares * _supplied < _tokenAmount * _sharesTotalSupply) shares++;
        return shares;
    }

Link to Code

Tool used

VS Code

Recommendation

1. Need to Enforce a minimum deposit that can't be withdrawn.
2. So, add some of the initial amount to the zero address.
3. Most legit first depositors will mint thousands of shares, so not a big cost.

Duplicate of #125