57401 sc critical erc4626 inflation attack vulnerability

Submitted on Oct 25th 2025 at 21:17:11 UTC by @iehnnkta for Audit Comp | Belong

  • Report ID: #57401

  • Report Type: Smart Contract

  • Report severity: Critical

  • Target: https://github.com/immunefi-team/audit-comp-belong/blob/main/contracts/v2/periphery/Staking.sol

  • Impacts:

    • Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield

Description

Brief/Intro

The staking contract inherits ERC4626, which by default is vulnerable to the inflation attack on freshly deployed vaults.

Vulnerability Details

An attacker can manipulate the asset-to-share ratio by funding the contract directly instead of going through the deposit function. The typical attack scenario is given in the PoC section.

Impact Details

For the above attack to happen, there are a few conditions to be fulfilled:

  • The deployed staking contract must not have minted any tokens previously. The script file provided performs no initial minting.

  • No other user may stake in the vault until the attacker withdraws, which is mostly not possible.

Because of the above 2 conditions, the severity was Medium. The attacker can repeat this process indefinitely to drain the LONG tokens of all users who interact with the vault, provided the gap between two users is larger than a day, which is likely not possible.

Proof of Concept

1. The staking vault is deployed. Right after that, the attacker deposits 1 wei of LONG to receive 1 share of sLONG.

2. The attacker then sees a legitimate user's deposit of 10e18 LONG tokens.

3. The attacker front-runs this transaction by sending 10e18 LONG tokens directly to the vault.

4. When the user's transaction executes, the user is minted 0 shares, because 10e18 / (10e18 + 1) rounds down to 0.

5. Once the minimum duration passes, the attacker withdraws 20e18+1 LONG tokens from the vault with that single share.
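The share arithmetic behind the five steps can be checked with a small model. This is an added example, not code from the report or from Staking.sol. The `Vault` class, its floor-division conversion and the `virtual_shares` option (the virtual share/asset offset used by OpenZeppelin's ERC4626) are assumptions made for illustration, and the model ignores the minimum staking duration.

```python
# Added example: simplified share accounting, not the audited Staking.sol.
class Vault:
    def __init__(self, virtual_shares=0):
        self.assets = 0            # LONG held by the vault
        self.supply = 0            # sLONG shares outstanding
        self.balances = {}
        self.vs = virtual_shares   # 0 = naive conversion (assumed)
        self.va = 1 if virtual_shares else 0  # virtual asset, OpenZeppelin-style

    def to_shares(self, assets):
        if self.vs == 0 and self.supply == 0:
            return assets          # first deposit mints 1:1
        return assets * (self.supply + self.vs) // (self.assets + self.va)

    def to_assets(self, shares):
        if shares == 0:
            return 0
        return shares * (self.assets + self.va) // (self.supply + self.vs)

    def deposit(self, who, assets):
        minted = self.to_shares(assets)      # rounds down, can be 0
        self.assets += assets
        self.supply += minted
        self.balances[who] = self.balances.get(who, 0) + minted
        return minted

    def donate(self, assets):
        self.assets += assets      # direct token transfer, no shares minted

    def redeem(self, who):
        shares = self.balances.pop(who, 0)
        out = self.to_assets(shares)
        self.assets -= out
        self.supply -= shares
        return out

USER_DEPOSIT = 10 * 10**18         # "10e18" in the report's Solidity notation

def run_scenario(vault):
    vault.deposit("attacker", 1)                          # step 1
    vault.donate(USER_DEPOSIT)                            # step 3
    user_shares = vault.deposit("user", USER_DEPOSIT)     # step 4
    attacker_out = vault.redeem("attacker")               # step 5
    return user_shares, attacker_out, vault.redeem("user")

if __name__ == "__main__":
    print("naive:   ", run_scenario(Vault()))
    print("hardened:", run_scenario(Vault(virtual_shares=1)))
```

In the naive model the user receives 0 shares and the single attacker share redeems the whole balance. With one virtual share the user is minted a non-zero amount and the attacker recovers less than the 10e18 + 1 wei spent.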
