BriVault

Description

When depositing tokens, the number of shares a user gets is rounded down. This rounding takes away value from the user in favor or the vault (i.e. in favor of all the current share holders).An attacker can front run the first depositor and make a donation so that the victim will receive 0 shares after deposit. Here is an attack scenario:

• an attacker deposits 1 token and gets 1 share

• a victim want to make a deposit of 1000 tokens

• the attacker makes a donation of 1000 tokens by transferring tokens directly to the contract address

• the victim gets 1000 / (1000 + 1) = 0 shares

• the attacker gets all tokens deposited to the contract since the victim has 0 shares

Here is a great article that describes the attack in details.

Risk

Likelihood:

High, since the first depositor can be attacked without additional conditions

Impact:

High, since the victim loses all assets

Recommended Mitigation

To protect the contract you can follow Openzeppelin recommendations:

• Use an offset between the "precision" of the representation of shares and assets. Said otherwise, we use more decimal places to represent the shares than the underlying token does to represent the assets.

• Include virtual shares and virtual assets in the exchange rate computation. These virtual assets enforce the conversion rate when the vault is empty