Follow-up to the discussion in #840. There, the first-depositor / share-inflation (donation) attack was raised (@Sunny6889) and the conclusion (@yanghang8612) was to fold a non-normative implementation note — virtual shares/assets offset and initial-seeding as mitigations, plus decimal-basis guidance — into Security Considerations when graduating to Last Call, without changing the interface.
That note doesn't appear in the published tip-4626.md. The current Security Considerations cover malicious implementations, EOA slippage, preview-as-oracle manipulation, and rounding direction, but not the inflation/donation attack or its mitigation (no mention of inflation / donation / virtual shares / first-depositor / empty-vault).
This is worth closing because the rounding-down-to-favor-the-vault rule already in the spec does not by itself prevent the empty-vault donation attack — the mitigation is the virtual-shares offset or seeding, which the spec currently leaves implementers to rediscover (the exact outcome #840 set out to avoid).
Proposed addition to Security Considerations (non-normative, no interface change):
Share-inflation / first-depositor (donation) attack. When a vault is empty or near-empty, an attacker can mint a tiny number of shares and then transfer assets directly into the vault, inflating the share price so that subsequent deposits round down to zero shares and are absorbed by the attacker. Favorable rounding alone does not prevent this. Implementations SHOULD mitigate it, e.g. via a virtual shares/assets offset (as in OpenZeppelin's implementation) or by seeding a non-trivial initial deposit at vault creation. The attack cost scales with the vault asset's decimals, not the chain's native-coin decimals — a 6-decimal asset (e.g. USDT) is cheaper to attack than an 18-decimal one.
Happy to open a PR with this wording if useful.
Follow-up to the discussion in #840. There, the first-depositor / share-inflation (donation) attack was raised (@Sunny6889) and the conclusion (@yanghang8612) was to fold a non-normative implementation note — virtual shares/assets offset and initial-seeding as mitigations, plus decimal-basis guidance — into Security Considerations when graduating to Last Call, without changing the interface.
That note doesn't appear in the published
tip-4626.md. The current Security Considerations cover malicious implementations, EOA slippage, preview-as-oracle manipulation, and rounding direction, but not the inflation/donation attack or its mitigation (no mention of inflation / donation / virtual shares / first-depositor / empty-vault).This is worth closing because the rounding-down-to-favor-the-vault rule already in the spec does not by itself prevent the empty-vault donation attack — the mitigation is the virtual-shares offset or seeding, which the spec currently leaves implementers to rediscover (the exact outcome #840 set out to avoid).
Proposed addition to Security Considerations (non-normative, no interface change):
Happy to open a PR with this wording if useful.