Donation Attack Explained in Detail
A donation attack sends tokens directly to a contract to change a balance the protocol uses for accounting. The attacker does not mint shares or go through the normal deposit flow.
If the protocol treats raw balanceOf(address(this)) as managed assets, the donation can distort exchange rates, collateral values, or reward math.
Smart contract example
uint256 assets = token.balanceOf(address(this));
This value can include unsolicited transfers.
Donation Attack in Auditing
Donation attacks are simple and often overlooked. They can break vault share math, lending collateral values, LP accounting, or reward distribution.
Auditors check whether the protocol can distinguish intentional deposits from raw token balance changes.
Red flags in code
-
Raw token balance is treated as authoritative assets.
-
Share price changes after direct token transfers.
-
Empty or low-supply vault math is unprotected.
-
Rebasing or fee-on-transfer tokens are accepted without special handling.
-
External protocols trust the manipulated share price.
How to test or review it
-
Transfer tokens directly to the contract before deposit, withdraw, borrow, or redeem.
-
Compare internal accounting with token balance.
-
Test empty, dust, and low-liquidity states.
-
Fuzz donation size and timing.
-
Check whether donations can create bad debt or unfair share minting.