From ac36ed14332b4aee64c992be123dffc5a77bfe38 Mon Sep 17 00:00:00 2001 From: ernestognw Date: Tue, 25 Mar 2025 19:35:11 -0600 Subject: [PATCH 1/4] Consider attacker redeem in ERC4626 inflation attack docs --- docs/modules/ROOT/pages/erc4626.adoc | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/modules/ROOT/pages/erc4626.adoc b/docs/modules/ROOT/pages/erc4626.adoc index c219595dd5c..49942215cfc 100644 --- a/docs/modules/ROOT/pages/erc4626.adoc +++ b/docs/modules/ROOT/pages/erc4626.adoc @@ -137,15 +137,22 @@ Following the previous math definitions, we have: | stem:[1+a_0+a_1] | stem:[10^\delta \times (1+a_0)] | stem:[10^\delta \times \frac{1+a_0}{1+a_0+a_1}] + +| after user's deposit +| stem:[1+a_0+a_1+u] +| stem:[10^\delta \times (1+a_0+a_1)] +| stem:[10^\delta \times \frac{1+a_0+a_1}{1+a_0+a_1+u}] |=== One important thing to note is that the attacker only owns a fraction stem:[\frac{a_0}{1 + a_0}] of the shares, so when doing the donation, he will only be able to recover that fraction stem:[\frac{a_1 \times a_0}{1 + a_0}] of the donation. The remaining stem:[\frac{a_1}{1+a_0}] are captured by the vault. [stem] ++++ -\mathit{loss} = \frac{a_1}{1+a_0} +\text{loss} \approx \frac{a_1}{1 + a_0} - \frac{a_0 \times u}{1 + a_0} ++++ +The negative term stem:[-\frac{a_0 \times u}{1 + a_0}] accounts for the portion of the user's deposit stem:[u] that the attacker recovers upon redeeming their shares. After the user deposits stem:[u], the vault's total assets increase, and the attacker, owning stem:[\frac{a_0}{1 + a_0}] of the shares, can reclaim stem:[\frac{a_0 \times u}{1 + a_0}], reducing their net loss beyond just the unrecovered donation. + When the user deposits stem:[u], he receives [stem] @@ -157,25 +164,27 @@ For the attacker to dilute that deposit to 0 shares, causing the user to lose al [stem] ++++ -10^\delta \times u \times \frac{1+a_0}{1+a_0+a_1} < 1 +10^\delta \times u \leq \frac{a_1}{1 + a_0} ++++ [stem] ++++ -\iff 10^\delta \times u < \frac{1+a_0+a_1}{1+a_0} +\iff 10^\delta \times u - \frac{a_0 \times u}{1 + a_0} \leq \frac{a_1}{1 + a_0} - \frac{a_0 \times u}{1 + a_0} ++++ [stem] ++++ -\iff 10^\delta \times u < 1 + \frac{a_1}{1+a_0} +\iff 10^\delta \times u - \frac{a_0 \times u}{1 + a_0} \le \mathit{loss} ++++ [stem] ++++ -\iff 10^\delta \times u \le \mathit{loss} +\iff 10^\delta \times u \times (1 - \frac{a_0}{1 + a_0}) \le \mathit{loss} ++++ -- If the offset is 0, the attacker loss is at least equal to the user's deposit. +When stem:[\delta = 0], the loss peaks at half the user's deposit because setting stem:[a_0 = 1] maximizes the fraction stem:[\frac{a0}{1 + a_0}] to stem:[\frac{1}{2}], and choosing stem:[a_1 \approx 2u] ensures the user's shares are zero, resulting in a loss of approximately stem:[\frac{u}{2}]. Larger stem:[a_0] values reduce this fraction, lowering the loss. + +- If the offset is 0, the attacker loss peaks at half the user's deposit and decreases with larger initial deposits. - If the offset is greater than 0, the attacker will have to suffer losses that are orders of magnitude bigger than the amount of value that can hypothetically be stolen from the user. This shows that even with an offset of 0, the virtual shares and assets make this attack non profitable for the attacker. Bigger offsets increase the security even further by making any attack on the user extremely wasteful. From aaa0b2fc1f6c347f2e7c1eae449cbfa16819a8d1 Mon Sep 17 00:00:00 2001 From: ernestognw Date: Tue, 25 Mar 2025 19:53:36 -0600 Subject: [PATCH 2/4] up --- docs/modules/ROOT/pages/erc4626.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/modules/ROOT/pages/erc4626.adoc b/docs/modules/ROOT/pages/erc4626.adoc index 49942215cfc..aef0ce18bf6 100644 --- a/docs/modules/ROOT/pages/erc4626.adoc +++ b/docs/modules/ROOT/pages/erc4626.adoc @@ -187,7 +187,7 @@ When stem:[\delta = 0], the loss peaks at half the user's deposit because settin - If the offset is 0, the attacker loss peaks at half the user's deposit and decreases with larger initial deposits. - If the offset is greater than 0, the attacker will have to suffer losses that are orders of magnitude bigger than the amount of value that can hypothetically be stolen from the user. -This shows that even with an offset of 0, the virtual shares and assets make this attack non profitable for the attacker. Bigger offsets increase the security even further by making any attack on the user extremely wasteful. +This shows that even with an offset of 0, the virtual shares and assets make this attack non profitable for the attacker with small initial deposits. Bigger offsets increase the security even further by making any attack on the user extremely wasteful. The following figure shows how the offset impacts the initial rate and limits the ability of an attacker with limited funds to inflate it effectively. From 6eb9d5de5953c07e1c69c37cf7b4dcf748311733 Mon Sep 17 00:00:00 2001 From: ernestognw Date: Wed, 26 Mar 2025 09:40:16 -0600 Subject: [PATCH 3/4] Fix review suggestions --- docs/modules/ROOT/pages/erc4626.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/modules/ROOT/pages/erc4626.adoc b/docs/modules/ROOT/pages/erc4626.adoc index aef0ce18bf6..64558321a10 100644 --- a/docs/modules/ROOT/pages/erc4626.adoc +++ b/docs/modules/ROOT/pages/erc4626.adoc @@ -148,7 +148,7 @@ One important thing to note is that the attacker only owns a fraction stem:[\fra [stem] ++++ -\text{loss} \approx \frac{a_1}{1 + a_0} - \frac{a_0 \times u}{1 + a_0} +\mathit{loss} \approx \frac{a_1}{1 + a_0} - \frac{a_0 \times u}{1 + a_0} ++++ The negative term stem:[-\frac{a_0 \times u}{1 + a_0}] accounts for the portion of the user's deposit stem:[u] that the attacker recovers upon redeeming their shares. After the user deposits stem:[u], the vault's total assets increase, and the attacker, owning stem:[\frac{a_0}{1 + a_0}] of the shares, can reclaim stem:[\frac{a_0 \times u}{1 + a_0}], reducing their net loss beyond just the unrecovered donation. @@ -174,12 +174,12 @@ For the attacker to dilute that deposit to 0 shares, causing the user to lose al [stem] ++++ -\iff 10^\delta \times u - \frac{a_0 \times u}{1 + a_0} \le \mathit{loss} +\iff 10^\delta \times u - \frac{a_0 \times u}{1 + a_0} \leq \mathit{loss} ++++ [stem] ++++ -\iff 10^\delta \times u \times (1 - \frac{a_0}{1 + a_0}) \le \mathit{loss} +\iff 10^\delta \times u \times (1 - \frac{a_0}{1 + a_0}) \leq \mathit{loss} ++++ When stem:[\delta = 0], the loss peaks at half the user's deposit because setting stem:[a_0 = 1] maximizes the fraction stem:[\frac{a0}{1 + a_0}] to stem:[\frac{1}{2}], and choosing stem:[a_1 \approx 2u] ensures the user's shares are zero, resulting in a loss of approximately stem:[\frac{u}{2}]. Larger stem:[a_0] values reduce this fraction, lowering the loss. From 8b6db0bc698b83734bd90201efdb07b85b6e110b Mon Sep 17 00:00:00 2001 From: ernestognw Date: Wed, 26 Mar 2025 09:42:42 -0600 Subject: [PATCH 4/4] Add loss equality --- docs/modules/ROOT/pages/erc4626.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/modules/ROOT/pages/erc4626.adoc b/docs/modules/ROOT/pages/erc4626.adoc index 64558321a10..0e2280c1cc5 100644 --- a/docs/modules/ROOT/pages/erc4626.adoc +++ b/docs/modules/ROOT/pages/erc4626.adoc @@ -148,7 +148,7 @@ One important thing to note is that the attacker only owns a fraction stem:[\fra [stem] ++++ -\mathit{loss} \approx \frac{a_1}{1 + a_0} - \frac{a_0 \times u}{1 + a_0} +\mathit{loss} \approx \frac{a_1}{1 + a_0} - \frac{a_0 \times u}{1 + a_0} = \frac{a1 - a_0 \times u}{1 + a_0} ++++ The negative term stem:[-\frac{a_0 \times u}{1 + a_0}] accounts for the portion of the user's deposit stem:[u] that the attacker recovers upon redeeming their shares. After the user deposits stem:[u], the vault's total assets increase, and the attacker, owning stem:[\frac{a_0}{1 + a_0}] of the shares, can reclaim stem:[\frac{a_0 \times u}{1 + a_0}], reducing their net loss beyond just the unrecovered donation.