You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dullahan Vault:
In case of the Vault, the shares are rebasing tokens, meaning any depositor will receive the same exact amount of dstkAAVE that the stkAAVE deposited. In case of a direct transfer to the Vault be an attacker before a user deposit, it will not impact the amount of dstkAAVE minted for the depositor. Instead, it will increase all previous depositors dstkAAVE balances (the same way it is increased when the Vault claims AAVE rewards and stake them for stkAAVE)
Dullahan Rewards Staking:
In the case of the Staking contract, this type of inflation attack would work only if the depositor was the 1st to deposit, and the contract was empty. This is why an initial deposit is done during the initialization, to prevent from such attacks.
After, if an attacker sends tokens directly to the contract right before an user deposit, the funds will be absorbed in the index (increasing all previous depositors position), but for the user depositing, the amount of shares minted will end up representing their share of the total funds in the contract correctly.
The text was updated successfully, but these errors were encountered:
Inflation attack:
Dullahan Vault:
In case of the Vault, the shares are rebasing tokens, meaning any depositor will receive the same exact amount of
dstkAAVEthat thestkAAVEdeposited. In case of a direct transfer to the Vault be an attacker before a user deposit, it will not impact the amount ofdstkAAVEminted for the depositor. Instead, it will increase all previous depositorsdstkAAVEbalances (the same way it is increased when the Vault claims AAVE rewards and stake them forstkAAVE)Dullahan Rewards Staking:
In the case of the Staking contract, this type of inflation attack would work only if the depositor was the 1st to deposit, and the contract was empty. This is why an initial deposit is done during the initialization, to prevent from such attacks.
After, if an attacker sends tokens directly to the contract right before an user deposit, the funds will be absorbed in the index (increasing all previous depositors position), but for the user depositing, the amount of shares minted will end up representing their share of the total funds in the contract correctly.
The text was updated successfully, but these errors were encountered: