Platform: Code4rena
Start Date: 21/11/2022
Pot Size: $90,500 USDC
Total HM: 18
Participants: 101
Period: 7 days
Judge: Picodes
Total Solo HM: 4
Id: 183
League: ETH
Rank: 94/101
Findings: 1
Award: $25.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Jeiwan
Also found by: 0xLad, 0xSmartContract, 8olidity, HE1M, JohnSmith, KingNFT, Koolex, Lambda, R2, __141345__, carrotsmuggler, cccz, gogo, hl_, joestakey, koxuan, ladboy233, pashov, peanuts, rbserver, rvierdiiev, seyni, unforgiven, xiaoming90, yongskiws
25.3241 USDC - $25.32
https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/vaults/PirexERC4626.sol#L60 https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/vaults/PirexERC4626.sol#L80
The attacker can get funds from future users, and the future users will lose their funds.
A malicious early user can deposit() with 1 wei of asset token and get 1 wei of shares. Then he/she can send 10000e18 - 1 of asset tokens and inflate the price per share from 1 to an extreme value of 1e22
(1 + 10000e18 - 1) / 1 = 1e22
A future user who deposits 19999e18 will only receive 1 wei of shares token.
19999e18 * 1 / 10000e18 = 1
he/she would lose 9999e18 if they redeem() right after the deposit().
Manual Review
Require minimum amount of share in deposit function and mint function.
#0 - c4-judge
2022-12-03T22:14:13Z
Picodes marked the issue as duplicate of #407
#1 - c4-judge
2023-01-01T10:43:43Z
Picodes marked the issue as satisfactory
#2 - c4-judge
2023-01-01T11:36:10Z
Picodes changed the severity to 3 (High Risk)
#3 - C4-Staff
2023-01-10T21:54:30Z
JeeberC4 marked the issue as duplicate of #275