Manipulation of Share Price Of the Underlying Assets #831
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-848
grade-b
Q-07
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperVaultERC4626.sol#L66
Vulnerability details
Impact
This is a well-known issue peculiar to ERC4626 vaults, in which a share price manipulation attack allows an attacker to steal underlying tokens from other depositors.
Proof of Concept
https://github.com/code-423n4/2023-02-ethos/blob/73687f32b934c9d697b97745356cdf8a1f264955/Ethos-Vault/contracts/ReaperVaultERC4626.sol#L66
Tools Used
Manual Review
Recommended Mitigation Steps
Consider sending the first 1000 wei of shares to the zero address. This will significantly increase the cost of the attack by forcing an attacker to pay 1000 times the share price they want to set.
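The following Python model is an added example, not part of the original report and not Ethos code. It reproduces round-down share accounting in the style of an ERC4626 vault to show how locking the first 1000 shares at the zero address raises the balance needed to reach a given share price and shrinks a later depositor's rounding loss. The `Vault` class, the helper names and the first-deposit rule (1:1 minting, with the dead shares taken out of the first depositor's allocation) are assumptions.

```python
# Added example: integer share accounting in the style of an ERC4626 vault.
# All names here are assumptions for illustration, not Ethos code.
ZERO_ADDRESS = "0x0000000000000000000000000000000000000000"
DEAD_SHARES = 1000  # the "first 1000 wei of shares" from the mitigation


class Vault:
    def __init__(self, dead_shares=0):
        self.dead_shares = dead_shares
        self.total_assets = 0
        self.total_supply = 0
        self.shares = {}

    def _mint(self, owner, amount):
        self.shares[owner] = self.shares.get(owner, 0) + amount
        self.total_supply += amount

    def deposit(self, owner, assets):
        if self.total_supply == 0:
            if assets <= self.dead_shares:
                raise ValueError("first deposit must exceed the dead shares")
            self._mint(ZERO_ADDRESS, self.dead_shares)  # locked forever
            minted = assets - self.dead_shares          # first deposit is 1:1
        else:
            minted = assets * self.total_supply // self.total_assets  # rounds down
        self.total_assets += assets
        self._mint(owner, minted)
        return minted

    def accrue(self, assets):
        """Assets arrive without minting shares (yield or a direct transfer)."""
        self.total_assets += assets

    def redeemable(self, owner):
        return self.shares.get(owner, 0) * self.total_assets // self.total_supply


def min_assets_for_price(price_per_share, dead_shares):
    """Smallest vault balance at which one share is worth price_per_share."""
    return price_per_share * (dead_shares + 1)  # at least one live share exists


def rounding_loss(dead_shares, vault_assets, deposit):
    """Assets a later depositor loses to round-down at the thinnest supply."""
    v = Vault(dead_shares)
    v.deposit("first", dead_shares + 1)
    v.accrue(vault_assets - v.total_assets)
    v.deposit("later", deposit)
    return deposit - v.redeemable("later")
```

With a vault balance of 10**18 and a later deposit of 15 * 10**17, the model reports a rounding loss of 25 * 10**16 without dead shares and under 10**15 with them.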