Assessment reports>Takara Lend Contracts>High findings>AssetDeployer deploys tokens that are vulnerable to inflation attacks
Category: Business Logic

AssetDeployer deploys tokens that are vulnerable to inflation attacks

High Severity
High Impact
Medium Likelihood

Description

The AssetDeployer contract deploys the TErc20 contract and sets up the contract's metadata in the Comptroller. During the setup process, 1 Wei of the token is minted with a payment of 1 Wei of the underlying and then burned to the zero address:

function deployAsset(
    // [...]
) public returns (address) {
    // [...]

    underlyingERC20.approve(address(tToken), 1);
    TErc20Delegator(payable(address(tToken))).mint(1);
    tToken.approve(address(0), 1);
    tToken.transfer(address(0), 1);

Note that the parameter to TErc20.mint is the amount of underlying, but the amount of tToken minted may be greater than 1 Wei, depending on the initial exchange rate. So this may leave tToken value in the AssetDeployer contract.

Although minting 1 Wei does initialize the contract, the exchange rate that it uses after initialization depends on the live balance of the underlying token owned by the contract. It is therefore vulnerable to ERC-4626 inflation-style attacks, where an attacker front-runs the first real mint in order to donate underlying assets and change the exchange rate into one that causes the victim to mint at an unfavorably rounded price.

Impact

If an ERC-4626 inflation-style attack is conducted shortly after the deployment of a legitimate asset, then the first few depositors are at risk from front-runners.

Recommendations

We recommend minting and burning a real amount of value and setting the exchange rate so that this real amount of value corresponds to an appropriate amount of shares. The feasibility of an ERC-4626 inflation-style attack is diminished if the initial amount of shares is high, because it relies on the rounding behavior when there are only a few shares.

Alternatively, instead of burning this value, the admin could hold onto it until the protocol has sufficient standing liquidity such that it is not plausible for everyone to withdraw, at which point the admin can redeem those tokens.

Either way, we recommend reviewing the deployment strategies of other Compound V2 forks in order to ensure that the deployment is not arbitrageable by attackers who try to employ ERC-4626 inflation-style attacks.

Remediation

This issue has been mitigated by deprecating this AssetDeployer. In the new deployment process, the team will make sure that at least 10e6 Wei of underlying shares exist at the time the mint function becomes publicly available.
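The following is an added example, not part of the Zellic report or the audited code: a Python integer model of a Compound V2-style exchange rate with no borrows or reserves, comparing the first depositor's rounding loss after a 1 Wei seed with the loss after the 10e6 Wei seed named in the remediation. The class and function names, the 1:1 initial exchange rate, and the deposit and transfer amounts are assumptions chosen for illustration.

```python
SCALE = 10**18  # fixed-point scale of the exchange-rate mantissa


class Market:
    """Integer model of a Compound V2-style market with no borrows or reserves."""

    def __init__(self, initial_rate=SCALE):  # assumption: 1:1 initial exchange rate
        self.initial_rate = initial_rate
        self.cash = 0          # live underlying balance held by the market
        self.total_supply = 0  # tToken shares in existence

    def exchange_rate(self):
        if self.total_supply == 0:
            return self.initial_rate
        return self.cash * SCALE // self.total_supply

    def mint(self, underlying):
        shares = underlying * SCALE // self.exchange_rate()  # truncates toward zero
        self.cash += underlying
        self.total_supply += shares
        return shares

    def receive_transfer(self, underlying):
        # A plain ERC-20 transfer raises the live balance without minting shares.
        self.cash += underlying

    def redeemable(self, shares):
        return self.exchange_rate() * shares // SCALE


def first_depositor_loss(seed, unsolicited, deposit):
    """Underlying lost to rounding by the first depositor after deployment."""
    m = Market()
    m.mint(seed)                     # deployment-time seed; its shares are never redeemed
    m.receive_transfer(unsolicited)  # balance change that happens before the first real mint
    shares = m.mint(deposit)
    return deposit - m.redeemable(shares)


if __name__ == "__main__":
    deposit, transfer = 15 * 10**17, 10**18  # constructed sample amounts
    for seed in (1, 10 * 10**6):             # 1 Wei vs. the remediation's 10e6 Wei
        loss = first_depositor_loss(seed, transfer, deposit)
        print(f"seed={seed:>9} Wei  loss={loss} Wei "
              f"({loss * 100 / deposit:.8f}% of deposit)")
```

With the 1 Wei seed the depositor receives a single share and loses a sixth of the deposit to truncation; with the larger seed the same balance change costs a negligible fraction, which is the effect the recommendation relies on.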

Zellic © 2025