[OZ: C-03] The vault can be drained one share at a time #47

Closed
Robsonsjre opened this issue Oct 13, 2022 · 0 comments

During the withdrawal process, users can specify the amount of assets to withdraw, which is
then rounded down to shares.

When the asset amount specified by the user is less than the minimum amount that can be
converted to a unit share, the shares argument is zero in the internal withdraw function but
the assets argument is not. Hence, with zero shares, all internal calls can succeed and a
non-zero amount of asset token will be transferred out to the receiver without burning any
shares.

This process can be repeated many times to drain the entire vault. The attack can also
be executed with any asset amount by burning a rounded-down amount of shares and
extracting the excess assets.

Since the vault is expected to become more valuable over time due to its yield strategy, this
could lead to a profitable attack when one share is worth more than the cost.

Recommendation: Consider rounding up the shares for a given amount of assets during withdrawal.
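
The rounding behaviour described above and the recommended round-up, modelled as an added example in Python with exact integer arithmetic. This is not the project's contract code: `VaultModel`, `mul_div`, `make_vault` and `price_preserved` are hypothetical names, and the balances are constructed.

```python
from dataclasses import dataclass, field

def mul_div(x, y, d, round_up):
    """floor(x*y/d), or ceil(x*y/d) when round_up is set (integer math only)."""
    q, r = divmod(x * y, d)
    return q + 1 if round_up and r else q

@dataclass
class VaultModel:  # hypothetical model of a share-based vault
    total_assets: int
    total_supply: int
    balances: dict = field(default_factory=dict)
    round_up: bool = False  # False = behaviour in the finding, True = recommendation

    def shares_for_withdraw(self, assets):
        # Shares that must be burned to take `assets` out of the vault.
        return mul_div(assets, self.total_supply, self.total_assets, self.round_up)

    def withdraw(self, owner, assets):
        shares = self.shares_for_withdraw(assets)
        if self.balances.get(owner, 0) < shares:
            raise ValueError("insufficient shares")
        self.balances[owner] = self.balances.get(owner, 0) - shares
        self.total_supply -= shares
        self.total_assets -= assets
        return shares

def make_vault(round_up):
    # Constructed state: 1 share is worth 2 assets; bob holds no shares.
    return VaultModel(2000, 1000, {"alice": 1000, "bob": 0}, round_up)

def price_preserved(vault, owner, assets):
    """True if a withdrawal leaves assets-per-share for remaining holders no lower."""
    a0, s0 = vault.total_assets, vault.total_supply
    vault.withdraw(owner, assets)
    # a1/s1 >= a0/s0, cross-multiplied so the comparison stays in integers
    return vault.total_assets * s0 >= a0 * vault.total_supply

if __name__ == "__main__":
    for up in (False, True):
        v = make_vault(up)
        print("round_up =", up, "shares burned for 3 assets:", v.shares_for_withdraw(3),
              "price preserved:", price_preserved(v, "alice", 3))
```

The `price_preserved` check is the invariant worth carrying into the contract's own test suite: no withdrawal may lower the assets backing each remaining share.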
