ERC4626 Inflation Attack

An ERC4626 inflation attack manipulates an empty or low-supply vault's asset-to-share rate so a victim receives too few shares.

The attacker makes vault shares expensive before the victim deposits, so the victim's share amount rounds down.

ERC4626 Inflation Attack Explained in Detail

An ERC4626 inflation attack targets vault share math when supply is empty or tiny. A common shape is: the attacker deposits a dust amount, donates assets directly to the vault, then a victim deposits and receives zero or too few shares because of rounding.

The victim's assets increase the vault value, but the attacker owns most or all shares.

Smart contract example

attacker deposits 1 -> attacker donates 100 -> victim deposits 100 -> victim receives 0 shares

The exact numbers depend on the vault's conversion and rounding logic.

ERC4626 Inflation Attack in Auditing

ERC4626 vaults are often integrated as yield sources, collateral, and strategy tokens. Inflation bugs can steal first deposits or make small deposits unsafe.

Auditors review low-supply share math before treating the vault as safe.

Red flags in code

  • Empty vault has no virtual shares, virtual assets, or seeded liquidity.

  • totalAssets() uses raw token balance without internal accounting.

  • Deposits lack minimum-share protection.

  • Direct donations change the share price.

  • Tests skip first-depositor and dust-deposit cases.

How to test or review it

  • Simulate attacker dust deposit, donation, and victim deposit.

  • Check previewDeposit against actual minted shares.

  • Fuzz low supply, low assets, and rounding boundaries.

  • Test virtual-share or dead-share mitigations.

  • Confirm routers or callers enforce minimum shares when needed.
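The sequence from the smart contract example above, together with the previewDeposit and virtual-share checks from this review list, as an added Python model that is not code from the original page; the Vault class, the decimals offset of 3 and the amounts are assumptions chosen for illustration.

```python
# Added example, not code from the original page: an integer model of ERC4626
# share math that replays the dust-deposit / donation / victim-deposit sequence
# with and without virtual shares. Vault, the offset and amounts are assumed.

class Vault:
    def __init__(self, virtual_offset=0):
        self.balance = 0       # raw token balance held by the vault
        self.total_supply = 0  # shares outstanding
        # Decimals-offset mitigation: 10**offset virtual shares, 1 virtual asset.
        self.virtual_shares = 10 ** virtual_offset if virtual_offset else 0
        self.virtual_assets = 1 if virtual_offset else 0

    def total_assets(self):
        return self.balance  # red flag: raw balance, so donations count

    def preview_deposit(self, assets):
        num = self.total_supply + self.virtual_shares
        den = self.total_assets() + self.virtual_assets
        return assets if den == 0 else assets * num // den  # 1:1 when empty

    def deposit(self, assets):
        shares = self.preview_deposit(assets)
        self.balance += assets
        self.total_supply += shares
        return shares

    def donate(self, assets):
        self.balance += assets  # direct transfer: no shares minted

    def convert_to_assets(self, shares):
        num = self.total_assets() + self.virtual_assets
        den = self.total_supply + self.virtual_shares
        return shares * num // den


def replay(virtual_offset=0):
    """Replay the page's sequence: attacker deposits 1, donates 100, victim deposits 100."""
    v = Vault(virtual_offset)
    attacker = v.deposit(1)
    v.donate(100)
    expected = v.preview_deposit(100)
    victim = v.deposit(100)
    assert victim == expected  # previewDeposit must equal shares actually minted
    return {
        "victim_shares": victim,
        "victim_assets": v.convert_to_assets(victim),
        "attacker_assets": v.convert_to_assets(attacker),
    }
```

Without the offset the victim mints 0 shares and the attacker's single share redeems for all 201 assets; with an offset of 3 the victim keeps 99 of 100 while the attacker can only redeem 51 of the 101 put in, which is what makes the donation unprofitable.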
