DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Over-Minting of Shares Due to Incorrect `totalAmountBefore` Handling

Summary:

The _mint function can mint an excessive number of shares when totalAmountBefore is 0. Instead of reverting, the contract substitutes totalAmountBefore = 1, so the share calculation is performed against a denominator of 1 rather than the assets actually held. The result is an inflated share amount, dilution of existing depositors' ownership, and incorrect vault accounting.

Vulnerability Details:

The issue occurs in the following lines within the _mint function:

if (totalAmountBefore == 0) totalAmountBefore = 1;
_shares = amount * totalShares / totalAmountBefore;
  • If totalAmountBefore is 0, the code forcefully assigns it to 1 instead of reverting.

  • This causes _shares to be calculated as:

_shares = amount * totalShares / 1;

which significantly over-mints shares.

  • If totalShares is large, a small deposit receives an unfairly high number of shares, severely diluting existing depositors and breaking the protocol's key invariant that shares are minted in proportion to the assets deposited.

Example Scenario:

Assume the following:

  • totalShares = 1000

  • totalAmountBefore = 0, so it's set to 1

  • amount = 100

The _shares calculation becomes:

_shares = 100 * 1000 / 1;

_shares = 100000;

A deposit of 100 units is therefore credited with 100,000 shares, 100x the entire pre-existing supply of 1,000 shares, completely breaking the vault's share distribution model.

Impact:

  1. Severe dilution of existing depositors' shares, as new depositors get an unfairly high number of shares.

  2. Total shares inconsistency, violating the expected invariant where sum(depositors' shares) == totalShares.

  3. Vault accounting issues, leading to incorrect fee distribution and potential financial loss for existing users.

Tools Used:

Manual Review

Recommendations:

  • Ensure _totalAmount(prices) correctly accounts for existing assets before deposits so that totalAmountBefore is not incorrectly reported as 0, and revert when totalAmountBefore == 0 while totalShares > 0 instead of substituting 1 as the denominator.

  • Add tests to verify that share minting remains proportional to deposits and does not introduce dilution.

By implementing these fixes, the contract will prevent unfair share allocation and maintain a correct vault accounting system.
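The following model reproduces the share computation described in Vulnerability Details and Example Scenario, places a hardened variant next to it, and doubles as the kind of proportionality test the recommendation above asks for. It is an added example written for this page, not the DeFiFoundry contract's code: VaultModel, VaultError, the hardened first-deposit convention (one share per asset unit) and the sample deposit amounts are all assumptions. The quoted snippet is modelled exactly as it appears on the page; whatever branches the real _mint has before that line are not shown here.

```python
from dataclasses import dataclass, field


class VaultError(Exception):
    """Raised where a hardened _mint would revert (assumed behaviour, not the audited code)."""


@dataclass
class VaultModel:
    """Minimal model of the vault's share accounting.

    Field names mirror the report's identifiers; the model itself is an
    assumption used for illustration, not the DeFiFoundry contract.
    """
    total_shares: int = 0
    total_amount: int = 0  # assets credited to the vault before the current deposit
    shares_of: dict = field(default_factory=dict)

    def shares_as_written(self, amount: int) -> int:
        """The quoted snippet: a zero totalAmountBefore is forced to 1 instead of reverting."""
        total_amount_before = self.total_amount
        if total_amount_before == 0:
            total_amount_before = 1
        return amount * self.total_shares // total_amount_before

    def shares_hardened(self, amount: int) -> int:
        """Assumed reference behaviour: the first depositor gets one share per asset
        unit, and 'shares outstanding but no assets' is treated as an inconsistent
        state that is refused rather than repaired with a fake denominator."""
        if self.total_shares == 0:
            return amount
        if self.total_amount == 0:
            raise VaultError("totalShares > 0 but totalAmountBefore == 0")
        return amount * self.total_shares // self.total_amount

    def deposit(self, depositor: str, amount: int, hardened: bool = False) -> int:
        """Mint shares for `amount` with either formula and update the totals."""
        shares = self.shares_hardened(amount) if hardened else self.shares_as_written(amount)
        self.shares_of[depositor] = self.shares_of.get(depositor, 0) + shares
        self.total_shares += shares
        self.total_amount += amount
        return shares


def report_scenario() -> int:
    """The state the report assumes: 1000 shares outstanding, 0 assets before the deposit."""
    vault = VaultModel(total_shares=1000, total_amount=0)
    return vault.shares_as_written(100)  # 100 * 1000 / 1


def first_deposit_as_written() -> int:
    """Empty vault, the state in which totalAmountBefore == 0 normally arises:
    totalShares is 0 as well, so the quoted formula evaluates amount * 0 / 1."""
    vault = VaultModel()
    return vault.shares_as_written(100)


def hardened_refuses_inconsistent_state() -> bool:
    """The hardened formula reverts on the report's state instead of minting."""
    vault = VaultModel(total_shares=1000, total_amount=0)
    try:
        vault.shares_hardened(100)
    except VaultError:
        return True
    return False


def proportional_deposits() -> tuple:
    """Two deposits with the hardened formula (constructed amounts): shares track assets."""
    vault = VaultModel()
    alice = vault.deposit("alice", 1_000, hardened=True)
    bob = vault.deposit("bob", 500, hardened=True)
    return alice, bob, vault.total_shares == sum(vault.shares_of.values())


if __name__ == "__main__":
    print("report scenario mints", report_scenario(), "shares for a 100-unit deposit")
    print("first deposit with the quoted formula mints", first_deposit_as_written(), "shares")
    print("hardened formula refuses shares-without-assets:", hardened_refuses_inconsistent_state())
    print("hardened proportional deposits (alice, bob, invariant):", proportional_deposits())
```

Running the model reproduces the report's figure (100,000 shares for a 100-unit deposit against 1,000 outstanding shares) and shows the hardened variant refusing that state. It also shows that on an empty vault, where totalAmountBefore == 0 naturally occurs, the quoted formula alone yields 0 shares because totalShares is also 0; any test written for the recommendation above should therefore first establish how the real _mint reaches a state with shares outstanding and no assets.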

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_totalAmountBefore_is_1_incorrect_calculation_supposition

No proof of when this can happen: most of the time, when totalAmountBefore equals 0 (balance minus amount sent), it means totalShares equals 0. If it could happen under very specific conditions, the report with that tag didn't add the details needed to be validated.
