Cheerful Dijon Tardigrade
Medium
A malicious user could cause a permanent DoS of the protocol and make all subsequent deposits mint 0 MultiTokens to honest depositors
Summary
Either the first depositor, if timed correctly (when rewards can be accrued immediately or almost immediately), or the last current depositor, once rewards have been accrued, can bring the pool to a state where realTotal is more than 0 and totalVirtual is 0, so that all further deposits mint 0 shares to the depositor.
Root Cause
This check:
    if (totalVirtual == 0) {
        return 0;
    }
combined with the fact that it is possible to mint 0: there are no reverts on 0 amounts and no minimum amounts.
Note that this could also happen naturally because of rounding issues, where MultiToken's total supply is 1 but totalVirtual would be 0.
Internal Pre-conditions
- User must be last depositor
- Rewards must have been accrued and reinvested
External Pre-conditions
Attack Path
- User stakes
- Rewards are accrued and reinvested back to the Pool
- User withdraws all of their balance
Either because of rounding errors or other problems, realTotal is 1 or more, but totalVirtual is 0.
Impact
Permanent DoS of the protocol: all deposits would mint 0 to the depositor.
PoC
No response
Mitigation
Correct the check.
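One way the check and the missing zero-mint revert could be corrected, shown next to the reported behaviour. This is an added example, not code from the audited protocol or from the report's author. It assumes a share formula of amount * totalVirtual / realTotal and a 1:1 first deposit; the contract, function and error names are hypothetical, and only realTotal and totalVirtual come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified accounting model, not the audited code.
// Assumed: shares = amount * totalVirtual / realTotal. Every name except
// realTotal and totalVirtual is hypothetical. Token transfers are omitted.
contract ShareAccountingModel {
    uint256 public realTotal;    // underlying held, incl. reinvested rewards
    uint256 public totalVirtual; // total share supply
    mapping(address => uint256) public sharesOf;

    error ZeroShares();

    // Constructed starting state, e.g. (1, 0) for the stuck pool in the report.
    constructor(uint256 realTotal_, uint256 totalVirtual_) {
        realTotal = realTotal_;
        totalVirtual = totalVirtual_;
    }

    // Conversion with the reported check: once totalVirtual is 0 while
    // realTotal is not, every amount converts to 0 shares.
    function toSharesReported(uint256 amount) public view returns (uint256) {
        if (realTotal == 0) return amount; // assumed 1:1 first deposit
        if (totalVirtual == 0) {
            return 0;
        }
        return (amount * totalVirtual) / realTotal;
    }

    // One possible correction: an empty share supply is a bootstrap state,
    // so the next depositor mints 1:1 and absorbs any leftover realTotal.
    function toSharesCorrected(uint256 amount) public view returns (uint256) {
        if (totalVirtual == 0 || realTotal == 0) return amount;
        return (amount * totalVirtual) / realTotal;
    }

    // Deposit that reverts instead of silently minting 0 shares, which also
    // covers amounts small enough to round down to 0.
    function deposit(uint256 amount) external returns (uint256 shares) {
        shares = toSharesCorrected(amount);
        if (shares == 0) revert ZeroShares();
        realTotal += amount;
        totalVirtual += shares;
        sharesOf[msg.sender] += shares;
    }
}
```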