ReaperVaultV2 share price manipulation #533

code423n4 · 2023-03-06T11:59:04Z

Lines of code

https://github.com/code-423n4/2023-02-ethos/blob/main/Ethos-Vault/contracts/ReaperVaultV2.sol#L319

Vulnerability details

Impact

Underlying token can be stolen from depositors in ReaperVaultV2

Proof of Concept

Alice is the first depositor of the ReaperVaultV2 and deposits 1 wei of the underlying token
She will receive 1 share (L332)
Alice then sends 9999999999999999999 (10e18 - 1) of tokens to the Vault
this will make the price of 1 share equal to 10 tokens, since the freeFunds will be 10 and totalSupply of shares is 1
Now Bob deposits 19 tokens and gets only 1 share due to the rounding in L334:
(19e18 * 1) / 10e18 = 1
Alice withdraws all her shares and receives 14.5 tokens
Bob withdraws and only receives 14.5 tokens instead of the 19 he initially deposited

    function deposit(uint256 _amount) external {
        _deposit(_amount, msg.sender);
    }

    // Internal helper function to deposit {_amount} of assets and mint corresponding
    // shares to {_receiver}. Returns the number of shares that were minted.
    function _deposit(uint256 _amount, address _receiver) internal nonReentrant returns (uint256 shares) {
        _atLeastRole(DEPOSITOR);
        require(!emergencyShutdown, "Cannot deposit during emergency shutdown");
        require(_amount != 0, "Invalid amount");
        uint256 pool = balance();
        require(pool + _amount <= tvlCap, "Vault is full");

        uint256 freeFunds = _freeFunds();
        uint256 balBefore = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), _amount);
        uint256 balAfter = token.balanceOf(address(this));
        _amount = balAfter - balBefore;
        if (totalSupply() == 0) {
            shares = _amount; // L332
        } else {
            shares = (_amount * totalSupply()) / freeFunds; // L334
        }
        _mint(_receiver, shares);
        emit Deposit(msg.sender, _receiver, _amount, shares);
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Add a minimum deposit size for the first deposit, or add "virtual" assets and shares when doing conversions.
Example: https://github.com/boringcrypto/YieldBox/blob/0d150234f855ff2e1319159ef1e835f0d5ea9d3c/contracts/YieldBoxRebase.sol#L24-L29

c4-judge · 2023-03-09T13:54:33Z

trust1995 marked the issue as duplicate of #848

c4-judge · 2023-03-09T13:54:39Z

trust1995 marked the issue as satisfactory

c4-judge · 2023-03-20T09:45:02Z

trust1995 changed the severity to QA (Quality Assurance)

code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Mar 6, 2023

code423n4 added a commit that referenced this issue Mar 6, 2023

vagrant issue #533

f5b4272

c4-judge closed this as completed Mar 9, 2023

c4-judge added duplicate-848 satisfactory satisfies C4 submission criteria; eligible for awards labels Mar 9, 2023

c4-judge added downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 3 (High Risk) Assets can be stolen/lost/compromised directly labels Mar 20, 2023

C4-Staff added the grade-b label Mar 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ReaperVaultV2 share price manipulation #533

ReaperVaultV2 share price manipulation #533

code423n4 commented Mar 6, 2023

c4-judge commented Mar 9, 2023

c4-judge commented Mar 9, 2023

c4-judge commented Mar 20, 2023

ReaperVaultV2 share price manipulation #533

ReaperVaultV2 share price manipulation #533

Comments

code423n4 commented Mar 6, 2023

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

c4-judge commented Mar 9, 2023

c4-judge commented Mar 9, 2023

c4-judge commented Mar 20, 2023