Precision Loss in _mint Function Leading to Silent Asset Drain
Summary
The mint() function suffers from precision loss due to solidity integer truncation when calculating shares. This results in users receiving fewer shares than they should, effectively losing a portion of their deposit value. The lost shares remain trapped in the contract, creating an unfair advantage for larger liquidity providers and enabling potential exploits.
Vulnerability details
totalShares = 10,000,000
totalAmountBefore = 10,000,000 USDC
amount(new deposit) 97 USDC
User should receive 97.9 shares, but only gets 97.
0.9 shares worth of USDC is lost. which is approximately $1
Impact
Users lose a fraction of their deposit due to rounding errors, leading to economic loss.
Repeated deposits accumulate losses, draining value from smaller depositors.
The lost shares stay in the contract, silently benefiting large liquidity providers.
If exploited, an attacker could strategically deposit specific amounts to drain other's value.
Tools Used
Manual Review
Recommendations
To prevent this loss, we scale all calculations by 1e18 before performing division:
Lead Judging Commences
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.