BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Inflation Attack via Deposit plus Donation

Root + Impact

Description

  • The BriVault contract is vulnerable to a first-depositor (inflation) attack. Because _convertToShares prices shares against the vault's raw token balance, tokens transferred directly to the vault raise the share price without minting any shares. An attacker who makes the first deposit can deposit a minimal amount (1 wei) to receive shares at the 1:1 ratio, then transfer a large amount of the asset straight to the vault to inflate the price per share. Subsequent depositors then receive drastically fewer shares, rounding down to zero whenever their deposit is smaller than the donation, which leaves the attacker holding the majority of the shares and entitled to most of the vault's assets.

function _convertToShares(uint256 assets) internal view returns (uint256 shares) {
    uint256 balanceOfVault = IERC20(asset()).balanceOf(address(this)); // Vulnerable to donations: raw balance, so direct transfers count
    uint256 totalShares = totalSupply();
    if (totalShares == 0 || balanceOfVault == 0) {
        // First depositor: 1:1 ratio
        return assets;
    }
@>  shares = Math.mulDiv(assets, totalShares, balanceOfVault); //@audit Inflated denominator rounds later depositors' shares toward zero
}
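The arithmetic of that function, worked through as an added example (a Python model written for this page, not BriVault's code and not the author's PoC). It reproduces both branches of _convertToShares exactly, with mulDiv as floor(a * b / d), and runs the deposit-plus-donation sequence against an unseeded vault and against a vault seeded at deployment with shares minted to a dead address. The Vault class, the 1 wei / 10,000 token / 5,000 token amounts, the 1,000 token seed and the 18-decimal unit E are all assumptions chosen for illustration.

```python
"""Share-accounting model of the inflation attack on a vault whose
_convertToShares divides by the vault's raw token balance.

Added illustration, not BriVault's code. Amounts, names and the seed size
are assumptions; the conversion arithmetic mirrors the snippet above.
"""

E = 10**18  # 18-decimal token unit (assumption)


def mul_div(a: int, b: int, d: int) -> int:
    """OpenZeppelin Math.mulDiv semantics: floor(a * b / d). Python ints never overflow."""
    return (a * b) // d


class Vault:
    """Minimal model: raw asset balance, share supply and per-holder shares."""

    def __init__(self, seed_assets: int = 0) -> None:
        self.balance = 0        # IERC20(asset()).balanceOf(address(this))
        self.total_shares = 0   # totalSupply()
        self.shares = {}        # holder -> shares
        if seed_assets:
            # Mitigation: the first shares go to an address nobody can redeem from.
            self.deposit("dead", seed_assets)

    def convert_to_shares(self, assets: int) -> int:
        # Same branches as the page's _convertToShares.
        if self.total_shares == 0 or self.balance == 0:
            return assets  # first depositor: 1:1 ratio
        return mul_div(assets, self.total_shares, self.balance)

    def convert_to_assets(self, shares: int) -> int:
        if self.total_shares == 0:
            return 0
        return mul_div(shares, self.balance, self.total_shares)

    def deposit(self, who: str, assets: int) -> int:
        minted = self.convert_to_shares(assets)
        self.balance += assets
        self.total_shares += minted
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def donate(self, assets: int) -> None:
        # Plain ERC20 transfer to the vault: balance rises, no shares are minted.
        self.balance += assets

    def redeemable(self, who: str) -> int:
        return self.convert_to_assets(self.shares.get(who, 0))


def run_attack(vault: Vault, donation: int, victim_deposit: int) -> dict:
    """Attacker deposits 1 wei, donates `donation`, then the victim deposits."""
    vault.deposit("attacker", 1)   # 1 wei -> 1 share at the 1:1 ratio
    vault.donate(donation)         # price per share now ~donation (unseeded vault)
    victim_shares = vault.deposit("victim", victim_deposit)
    return {
        "victim_shares": victim_shares,
        "victim_assets": vault.redeemable("victim"),
        "attacker_assets": vault.redeemable("attacker"),
        "attacker_cost": donation + 1,
    }


if __name__ == "__main__":
    unseeded = run_attack(Vault(), donation=10_000 * E, victim_deposit=5_000 * E)
    seeded = run_attack(Vault(seed_assets=1_000 * E), donation=10_000 * E, victim_deposit=5_000 * E)
    print("unseeded vault:", unseeded)
    print("seeded vault:  ", seeded)
```

Running it prints both outcomes. In the unseeded vault the victim's 5,000 tokens mint 0 shares and the attacker's single share redeems for the entire balance; even a 20,000 token deposit mints only 1 share, so the victim and attacker split the pool evenly and the victim loses a quarter of the deposit. In the seeded vault the victim keeps the deposit to within a few wei of rounding and the attacker's donation is stranded in the dead shares, so the attack costs far more than it yields. A seed does not stop the attacker from raising the share price, but it caps each later depositor's rounding loss at one share's worth of assets (a few wei here) and makes the donation itself a loss to the attacker.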

Risk

Likelihood:

  • The attacker only needs to make the first deposit into an empty vault; deposits are permissionless, so the first legitimate deposit can simply be front-run.

  • The constructor makes no initial deposit, so the totalShares == 0 branch (1:1 pricing) is reachable by any external account.

Impact:

  • In the betting context, the attacker ends up holding a disproportionate share of the winner pool.

  • Victims lose most of their deposit value to the attacker, and all of it when their deposit is small enough to round down to zero shares.

Proof of Concept

Recommended Mitigation

Seed the vault at deployment: have the constructor (or initializer) deposit an initial amount and mint the resulting shares to an address that can never redeem them (a dead address), so that no external account can take the 1:1 first deposit and the rounding loss an attacker can impose on later depositors is bounded by the seed. An alternative is the virtual-offset approach used by OpenZeppelin's ERC4626, which adds virtual shares and assets to the conversion so that a donation cannot make the first share arbitrarily expensive.

Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Inflation attack
