Donation attack
Description:
The PerpetualVault calculates user shares based on the vault's collateral balance (collateralToken.balanceOf(address(this))). An attacker can donate USDC to the vault, artificially inflating the total balance. This manipulation causes new deposits to mint fewer shares than they should, diluting existing depositors' value.
Impact:
New depositors receive fewer shares than deserved.
Existing depositors' share value is diluted.
Violates the Fair Share of Funding Fees and Depositor Share Value Preservation invariants.
Affected Code:
PerpetualVault.sol#_totalAmount()usescollateralToken.balanceOf(address(this)).PerpetualVault.sol#_mint()calculates shares based on total collateral.
Recommendation:
Track deposits internally (e.g., totalDeposits variable) instead of relying on balanceOf. Subtract fees/withdrawals from this tracked value.
Lead Judging Commences
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Users mistake, only impacting themselves.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.