Minimum Shares Explained in Detail
Minimum shares is a user-provided lower bound for how many shares they must receive. If the vault or pool would mint fewer shares, the transaction should revert.
This is similar to minimum output in a swap.
Smart contract example
require(shares >= minShares, "too few shares");
The check protects against bad execution after the user signs or submits the transaction.
Minimum Shares in Auditing
Without a minimum-share check, a user can deposit assets and receive too few shares because of rounding, fees, donations, share-price manipulation, or front-running.
Auditors check vault and strategy entry points for output protection.
Red flags in code
-
Deposit function accepts assets but no
minSharesor equivalent guard. -
shares > 0is the only protection. -
First-deposit and low-supply states are not tested.
-
previewDepositis treated as a guaranteed result. -
Routers omit user-supplied minimum output.
How to test or review it
-
Simulate attacker deposit plus direct donation before victim deposit.
-
Test empty vault, dust supply, and low-liquidity states.
-
Verify user-provided minimum shares are enforced.
-
Compare preview results with actual minted shares.
-
Test rounding direction around one-share boundaries.
Keep learning this topic
ERC4626 Inflation Attack
An ERC4626 inflation attack manipulates an empty or low-supply vault's asset-to-share rate so a victim receives too few shares.
Slippage Tolerance
Slippage tolerance is the maximum execution difference a user accepts between an expected quote and the actual on-chain result.
Share Price Manipulation
Share price manipulation changes the calculated value of vault, pool, or receipt-token shares to exploit deposits, withdrawals, collateral, or rewards.
Practice this in real audit scenarios
Definitions help, but auditors need reps. SCH turns concepts like Minimum Shares into exploit labs, code review habits, and report-writing practice.
Start the free trial or see the full smart contract auditing course.