Z0NaN - Vault inflation attack in UsualX allows malicious user to steal money and innocent user to lose money

[sherlock-admin2]

Z0NaN

High

Vault inflation attack in UsualX allows malicious user to steal money and innocent user to lose money

Summary

The missing check: require(convertToShares(assets) != 0); in usualX::depositWithPermit(...) allows the attacker to perform and fully beneficiate from his attack at low cost as he takes advantage of a rounding issue.

Root Cause

There's a rounding issue here:
in convertToShares(...) called in the subcalls of deposit()
https://github.com/sherlock-audit/2024-10-usual-labs-v1/blob/main/pegasus/packages/solidity/src/vaults/UsualX.sol#L308

Internal pre-conditions

1. totalAsset()==0, totalSupply()==0

External pre-conditions

No response

Attack Path

1. A hacker back-runs the transaction of an ERC4626 pool creation.
2. The hacker mints for themself one share: deposit(1). Thus, totalAsset()==1, totalSupply()==1.
3. The hacker front-runs the deposit of the victim who wants to deposit 20,000 usual (20,000).
4. The hacker inflates the denominator right in front of the victim: asset.transfer(20_000dec). Now totalAsset()==20_000dec + 1, totalSupply()==1.
5. Next, the victim's tx takes place. The victim gets 1 * 20_000dec / (20_000dec + 1) == 0 shares. The victim gets zero shares.
6. The hacker burns their share and gets all the money.

Impact

No response

PoC

No response

Mitigation

Add the following check: require(convertToShares(assets) != 0);or implement the 'dead shares' technique used by UniswapV2