The ERC4626 standard was created to unify yield-bearing vaults (like xSushi or yvUSDC). While it standardized interfaces, it also standardized a critical mathematical vulnerability known as the Inflation Attack (or "Donation Attack").
This attack allows a hacker to steal funds from the very first depositors of a new vault by manipulating the exchange rate between assets and shares.
The Math of the Heist
Vaults calculate how many shares to mint using this formula:

Shares = (Assets Deposited * Total Shares Supply) / Total Assets in Vault
Solidity performs integer division, which always rounds down. This is the key.
The Attack Scenario
- Empty Vault: An attacker sees a new, empty vault.
- The Trap: They deposit 1 wei of the underlying asset (e.g., USDC). They get 1 share.
  - Total Assets = 1 wei
  - Total Supply = 1 share
- The Donation: The attacker transfers (donates) 100,000 USDC directly to the vault contract without minting shares.
  - Total Assets = 100,000 USDC + 1 wei
  - Total Supply = 1 share
  - Result: 1 share is now worth ~100,000 USDC.
- The Victim: A user deposits 50,000 USDC.
  - Shares = (50,000 * 1) / 100,001
  - Shares = 0.499... -> Rounds down to 0.
- The Theft: The victim transfers 50,000 USDC but receives 0 shares. The attacker, holding the only existing share, now owns the victim's funds (plus their own donation) and withdraws everything.
The Solution: Offset and Dead Shares
To fix this, the vault must prevent the state in which a single share is worth a huge amount of assets.
- Virtual Offset: Modern implementations (like OpenZeppelin's latest ERC4626) add virtual assets and shares to the formula (e.g., +1000) during the calculation to dampen the ratio manipulation.
- Dead Shares: Upon the first deposit, the protocol effectively "burns" the first 1000 shares (sends them to address 0), ensuring the initial exchange rate cannot be easily manipulated by a 1 wei deposit.
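
The rounding behaviour and the effect of a virtual offset can be checked with a small integer-math model. This is an added example, not code from OpenZeppelin or any vault: the `Vault` class, its method names and the account labels are hypothetical, amounts are in USDC base units (6 decimals), and the same offset of 1000 is assumed for both virtual shares and virtual assets, following the "+1000" figure above.

```python
USDC = 10**6  # base units per USDC (6 decimals)

class Vault:
    """Toy share accounting; offset=0 is the plain formula from the text."""

    def __init__(self, offset=0):
        self.offset = offset          # virtual shares and assets (assumed equal)
        self.total_assets = 0
        self.total_supply = 0
        self.balances = {}

    def to_shares(self, assets):
        supply = self.total_supply + self.offset
        if supply == 0:               # empty vault without offset: mint 1:1
            return assets
        return assets * supply // (self.total_assets + self.offset)  # rounds down

    def to_assets(self, shares):
        supply = self.total_supply + self.offset
        if supply == 0:
            return shares
        return shares * (self.total_assets + self.offset) // supply

    def deposit(self, who, assets):
        shares = self.to_shares(assets)
        self.total_assets += assets
        self.total_supply += shares
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def donate(self, assets):
        self.total_assets += assets   # direct transfer: assets grow, no shares minted

    def redeem_all(self, who):
        shares = self.balances.pop(who, 0)
        assets = self.to_assets(shares)
        self.total_supply -= shares
        self.total_assets -= assets
        return assets

def scenario(offset):
    """Replay the steps above; returns (victim shares, victim out, first depositor out)."""
    v = Vault(offset)
    v.deposit("first_depositor", 1)              # 1 wei -> 1 share
    v.donate(100_000 * USDC)                     # inflate assets per share
    victim_shares = v.deposit("victim", 50_000 * USDC)
    return victim_shares, v.redeem_all("victim"), v.redeem_all("first_depositor")

if __name__ == "__main__":
    for off in (0, 1000):
        print("offset", off, scenario(off))
```

With offset 0 the second depositor is minted 0 shares and the single existing share redeems the whole balance. With offset 1000 the second depositor is minted 500 shares and redeems about 49,966 USDC, while the first depositor recovers under 100 USDC of the 100,000 donated, so the donation becomes a loss rather than a profit.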