Platform: Code4rena
Start Date: 24/10/2023
Pot Size: $36,500 USDC
Total HM: 4
Participants: 147
Period: 6 days
Judge: 0xDjango
Id: 299
League: ETH
Rank: 114/147
Findings: 1
Award: $4.52
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xmystery
Also found by: 0x11singh99, 0xAadi, 0xAlix2, 0xG0P1, 0xStalin, 0xWaitress, 0x_Scar, 0xhacksmithh, 0xhunter, 0xpiken, Al-Qa-qa, Arz, Avci, Bauchibred, BeliSesir, Breeje, Bughunter101, DarkTower, Eeyore, Fitro, HChang26, Imlazy0ne, J4X, JCK, Kaysoft, Kral01, Madalad, Mike_Bello90, Noro, PASCAL, PENGUN, Proxy, Rickard, Shubham, SovaSlava, Strausses, Team_Rocket, ThreeSigma, Topmark, Udsen, Walter, Yanchuan, Zach_166, ZanyBonzy, adam-idarrha, adeolu, almurhasan, arjun16, ast3ros, asui, ayden, btk, cartlex_, castle_chain, cccz, chainsnake, codynhat, critical-or-high, cryptonue, csanuragjain, deepkin, degensec, dirk_y, erebus, foxb868, ge6a, hunter_w3b, jasonxiale, kkkmmmsk, lanrebayode77, lsaudit, marchev, matrix_0wl, max10afternoon, nuthan2x, oakcobalt, oxchsyston, pavankv, peanuts, pep7siup, pipidu83, pontifex, ptsanev, qpzm, radev_sw, rokinot, rotcivegaf, rvierdiiev, sorrynotsorry, squeaky_cactus, supersizer0x, tnquanghuy0512, twcctop, twicek, young, zhaojie, ziyou-
4.5226 USDC - $4.52
_checkMinShares() will require 0 or not less than 1e18 shares in the contract after user deposits and withdraws, this is mainly used to protect against donation attacks.
/// @notice ensures a small non-zero amount of shares does not remain, exposing to donation attack function _checkMinShares() internal view { uint256 _totalSupply = totalSupply(); if (_totalSupply > 0 && _totalSupply < MIN_SHARES) revert MinSharesViolation(); }
But this introduces another problem, if a malicious user leaves 1 wei shares in the contract, then other users will have to lock 1e18 shares in the contract.
Consider the following scenario. Alice deposits 1e18 USDe and gets 1e18 shares, Bob deposits 1e18 USDe and gets 1e18 shares. Alice withdraws (1e18 - 1) shares, leaving 1 wei share in the contract. After that, Bob can only withdraw 1 wei share, because _checkMinShares() will require that the shares in the contract are not less than 1e18.
None
It is recommended to change _checkMinShares() from requiring the total shares of the contract to requiring the user's shares, which will both prevent donation attacks and solve this problem.
super._deposit(caller, receiver, assets, shares); - _checkMinShares(); + _checkMinShares(receiver); ... super._withdraw(caller, receiver, _owner, assets, shares); - _checkMinShares(); + _checkMinShares(_owner); ... - function _checkMinShares() internal view { + function _checkMinShares(address user) internal view { - uint256 _totalSupply = totalSupply(); - if (_totalSupply > 0 && _totalSupply < MIN_SHARES) revert MinSharesViolation(); + uint256 _shares = _balances[user]; + if (_shares > 0 && _shares < MIN_SHARES) revert MinSharesViolation(); }
Context
#0 - c4-pre-sort
2023-10-31T19:49:45Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2023-10-31T19:49:58Z
raymondfam marked the issue as duplicate of #71
#2 - c4-judge
2023-11-13T20:24:52Z
fatherGoose1 marked the issue as satisfactory
#3 - c4-judge
2023-11-17T16:56:02Z
fatherGoose1 changed the severity to QA (Quality Assurance)
#4 - c4-judge
2023-11-27T20:49:10Z
fatherGoose1 marked the issue as grade-b