Good Entry - Hama's results

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L273

Vulnerability details

Impact

The smart contract's deposit function is vulnerable to a first depositor exploit, allowing the initial depositor to manipulate the liquidity calculation and potentially steal funds from later depositors. By artificially inflating the valueX8 parameter during the first deposit, the first depositor can receive a disproportionately large number of liquidity tokens. This manipulation can adversely impact the liquidity pool's stability and fairness, leading to a loss of funds for subsequent depositors and potential financial harm to the entire pool.

Proof of Concept

/// @notice deposit tokens in the pool, convert to WETH if necessary
function deposit(address token, uint amount) public payable nonReentrant returns (uint liquidity) 
{
...     
// initial liquidity at 1e18 token ~ $1
if (tSupply == 0 || vaultValueX8 == 0)
  liquidity = valueX8 * 1e10;
else {
  liquidity = tSupply * valueX8 / vaultValueX8;
}
..
}

By depositing a minimal amount of weth, such as 1 wei, the attacker mints 1 valueX8 token for themselves. Subsequently, the attacker can donate a substantial amount of weth, for example, , to the protocol reserve.However, the contract fails to recalculate the total supply of X8 tokens after the donation, resulting in the total supply remaining at 1 X8 while the reserve amount is significantly inflated. As a result, the attacker's 1 X8 token represents a disproportionately large share in the inflated reserve, potentially diluting the share value of later depositors.

Tools Used

Manual review

Recommended Mitigation Steps

Either during creation of the vault or for first depositor, lock a small amount of the deposit to avoid this.

Assessed type

Token-Transfer