Platform: Code4rena
Start Date: 15/12/2022
Pot Size: $128,000 USDC
Total HM: 28
Participants: 111
Period: 19 days
Judge: GalloDaSballo
Total Solo HM: 1
Id: 194
League: ETH
Rank: 85/111
Findings: 2
Award: $35.35
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xdeadbeef0x
Also found by: 0xLad, 0xNazgul, 0xSmartContract, 0xbepresent, Arbor-Finance, Breeje, HE1M, IllIllI, Qeew, Rolezn, SEVEN, SamGMK, SmartSek, TomJ, WatchDogs, ak1, btk, ck, datapunk, dic0de, eierina, fs0c, hansfriese, koxuan, ladboy233, peanuts, rvierdiiev, sces60107, tonisives, unforgiven, yongskiws
14.9051 USDC - $14.91
ERC4626Upgradeable is an upgradeable version of Solmate's ERC4626 Token. Solmate's convertToShares function follow the formula: assetDepositAmount * totalShareSupply / assetBalanceBeforeDeposit.
The share price always return 1:1 with asset token. If everything work normally, share price will slowly increase with time to 1:2 or 1:10 as more rewards coming in.
But right after xERC4626 contract creation, during first cycle, any user can deposit 1 share set totalSupply = 1. And transfer token to vault to inflate totalAssets() before rewards kick in. (Basically, pretend rewards themselves before anyone can deposit in to get much better share price.)
This can inflate base share price as high as 1:1e18 early on, which force all subsequence deposit to use this share price as base.
New ERC4626Upgradeable vault share price can be manipulated right after creation. Which gives early depositor greater share portion of the vault during the first cycle.
While deposit token also affected by rounding precision (due to exploit above) that always return lesser amount of share for user.
Manual Review
This exploit is unique to contract similar to ERC4626. It only works if starting supply equal 0 or very small number and rewards cycle is very short. Or everyone withdraws, total share supply becomes 0.
This can be easily fix by making sure someone always deposited first so totalSupply become high enough that this exploit become irrelevant. Unless in unlikely case someone made arbitrage bot watching vault factory contract. Just force deposit early token during vault construction as last resort.
#0 - c4-judge
2023-01-08T13:11:59Z
GalloDaSballo marked the issue as duplicate of #209
#1 - c4-judge
2023-01-29T18:38:47Z
GalloDaSballo changed the severity to 3 (High Risk)
#2 - c4-judge
2023-02-08T08:48:18Z
GalloDaSballo marked the issue as satisfactory
🌟 Selected for report: unforgiven
Also found by: 0x73696d616f, 0xNazgul, Bnke0x0, Breeje, HollaDieWaldfee, IllIllI, Rolezn, __141345__, btk, ck, csanuragjain, fs0c, joestakey, kiki_dev, koxuan, rvierdiiev
20.4404 USDC - $20.44
In the current rewards accounting, vault shares in depositFromStaking() && depositAVAX() && redeemAVAX() can not correctly record the spot yields generated by the staked asset. Yields are released over the next rewards cycle. As a result, malicious users can steal yields from innocent users by picking special timing to depositFromStaking() && depositAVAX() && redeemAVAX().
This is a very similar issue to what Frax experienced with a lot of different attack scenarios all with the same underlying root cause in syncRewards().
Manual Review
Consider following the same recommendation stated by the wardens:
"For the lastRewardAmount not released, allow the users to redeem as it is linearly released later. For the accumulated yields, only allow users to redeem the yields received after 1 rewards cycle after the deposit."
Or what the Frax team decided on:
"
syncRewards()should be called by us at the beginning of each period, or we need to automatically call it before deposits/withdrawals."
#0 - 0xminty
2023-01-04T01:28:34Z
dupe of #863
#1 - c4-judge
2023-01-10T10:02:35Z
GalloDaSballo marked the issue as duplicate of #796
#2 - c4-judge
2023-02-03T10:28:06Z
GalloDaSballo marked the issue as duplicate of #478
#3 - GalloDaSballo
2023-02-03T10:28:41Z
In contrast to the original dups of 478 these dups are not as accurate, awarding half
#4 - c4-judge
2023-02-03T10:28:46Z
GalloDaSballo marked the issue as partial-50