A yield aggregator vault implementing ERC4626 was vulnerable to the classic first depositor / share inflation attack. An attacker could front-run the first legitimate deposit by donating a large amount of the underlying asset directly to the vault, inflating the share price and causing the victim to receive zero shares.
// Attack flow: 1. Vault is empty (totalSupply = 0, totalAssets = 0) 2. Attacker deposits 1 wei → receives 1 share 3. Attacker donates 1,000,000 USDC directly to vault 4. Share price = 1,000,000 USDC / 1 share 5. Victim deposits 999,999 USDC 6. Victim shares = 999,999 * 1 / 1,000,000 = 0 (rounded down) 7. Attacker redeems 1 share → receives ~2,000,000 USDC
The vault was updated to use OpenZeppelin's virtual shares and virtual assets offset pattern, which prevents share price manipulation by maintaining a minimum share price floor.
Discovered by Marcus Kim of Veridian Labs.