First depositor can inflate share price and steal funds from other users
Summary
Attacker can first deposit small amount of asset token to get shares, and front-run other depositors' transactions and inflate shares price by large "donation", thus attacker can withdraw more loan tokens than he initially owned.
Vulnerability Details
User can get share by depositing asset to Lending vault, the amount of minted shares is calculated as:
Let's assume:
1.Alice
2.Bob sees Alice's transaction in mempool and front-runs by first depositing 1 wei to the vault and then get 1 share;
3.Bob then transfers 1 weth directly to the vault, inflates pool token price to (1 weth + 1);
4.Alice's deposit transaction gets confirmed and Alice get 1 share;
5.Bob withdraw from vault and get 1.5 weth back, making 0.5 ether profit.
Impact
User's deposited loan tokens may be stolen by attacker.
Tools Used
Recommendations
Consider minting a minimal amount of pool tokens during the first deposit and sending them to zero address, this increases the cost of the attack. Uniswap V2 uses the value 1000 as it is small enough to don't hurt the first minter, while still increasing the cost of this attack by 1000x.
https://github.com/Uniswap/v2-core/blob/master/contracts/UniswapV2Pair.sol#L119-L121
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.