Share Inflation via Pre-State Minting
Summary
The _mint function calculates shares using pre-swap balances:
If a large swap occurs during a deposit, the temporary balance spike artificially inflates totalAmountBefore, leading to incorrect share calculations.
Vulnerability Details
The _mint function calculates the number of shares to mint based on the totalAmountBefore, which is derived from the current balance of tokens in the contract. Specifically:
The issue arises because the totalAmountBefore is calculated using the current balance of tokens in the contract (IERC20(indexToken).balanceOf(address(this)) or _totalAmount(prices)). If a large swap or transfer occurs during the deposit process, the temporary balance spike will artificially inflate the totalAmountBefore value. This leads to an incorrect calculation of shares, as the formula for shares is:
Scenario:
-
The vault currently has:
totalShares = 1000totalAmountBefore = 1000 USDC(calculated from token balances).
-
A depositor deposits
100 USDC. -
During the deposit process, a large swap occurs, temporarily increasing the vault's balance to
2000 USDC. -
The
totalAmountBeforeis now calculated as2000 - 100 = 1900 USDC. -
The shares are calculated as:
Instead of the correct:
The depositor receives 52.63 shares instead of 100 shares, effectively inflating their share value.
Impact
If a large swap occurs during a deposit, the temporary balance spike artificially inflates totalAmountBefore, leading to incorrect share calculations.
This allows an attacker to mint disproportionately high shares, diluting existing shareholders and stealing yields.
Tools Used
manual code review
Recommendations
Track the total value of the vault independently, updating it only during deposits, withdrawals, and swaps.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.