Skip to content

Latest commit

 

History

History
43 lines (25 loc) · 872 Bytes

059.md

File metadata and controls

43 lines (25 loc) · 872 Bytes

Basic Opaque Crab

High

First depositor attack in CNumaToken and CNumaLst

Summary

In the CNumaToken and the CNumaLst no reserve is implemented, which will lead to first depositor attack

Root Cause

The use of balance of here: https://github.com/sherlock-audit/2024-12-numa-audit/blob/ae1d7781efb4cb2c3a40c642887ddadeecabb97d/Numa/contracts/lending/CErc20.sol#L158 Will allow vault inflation attack

Internal pre-conditions

N/A

External pre-conditions

N/A

Attack Path

  1. A user deposits one wei into the contract
  2. They start monitoring the mempool
  3. When another user wants to deposit 20eth
  4. Attacker will front-run the transaction sending 20eth too
  5. As a result the user will not be minted any tokens due to round down of minted shares to 0

Impact

loss of funds for the users

PoC

N/A

Mitigation

Implement the reserve