Description

Empty ERC-4626 vaults can be manipulated to inflate the price of a share and cause depositors to lose their deposits due to rounding in favor of the vault.

In empty (or nearly empty) ERC-4626 vaults, deposits are at high risk of being stolen through front-running with a donation to the vault that inflates the price of a share. This is variously known as a donation or inflation attack and is essentially a problem of slippage.

Impact

This attack allows malicious actors to steal deposits into pools, which will result in potentially notable losses for users.

Recommendations

For protection against inflation attacks, we suggest upgrading the ERC4626Upgradeable OpenZeppelin contract used in BeefyWrapper.sol to the current version (4.9).

The latest version of the ERC4626Upgradeable OpenZeppelin contract↗ explains their proposed solution to this type of attack:

The _decimalsOffset() corresponds to an offset in the decimal representation between the underlying asset's decimals and the vault decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which itself determines the initial exchange rate.

While not fully preventing the attack, analysis shows that the default offset (0) makes it non-profitable, as a result of the value being captured by the virtual shares (out of the attacker's donation) matching the attacker's expected gains. With a larger offset, the attack becomes orders of magnitude more expensive than it is profitable.

Remediation

This issue has been fixed by Beefy Finance in commit 39a7e1a↗.