Gareth Larkan

Introduction

Welcome to the fascinating world of ERC-4626! You may have heard about ERC standards, which help structure smart contracts for decentralized applications. Well, ERC-4626 is one of those standards, and today we'll explore what it's all about.

ERC standards are guidelines for developing smart contracts that work well with decentralized applications. Some common ERC standards include ERC20 and ERC721. Today, we'll focus on ERC-4626.

‍

Why?

ERC-4626 was created as an Ethereum Improvement Proposal (EIP) by multiple authors, including Joey Santoro and transmissions 11, on December 22nd, 2021.

The reason ERC-4626 was developed is that there was a lack of standardization in how vaults were being created. This made it difficult for protocols to follow standards and integrate with different vaults. So, ERC-4626 was introduced to solve this problem.

‍

How does ERC-4626 work?

The ERC-4626 vault combines two different ERC20 tokens: the underlying asset and the vault token. When users deposit the underlying asset, they receive a proportionate amount of vault tokens. These tokens represent their share of the total assets in the vault.

When a user wants to withdraw from the vault, they burn their vault tokens and receive an equivalent amount of the underlying asset. The amount they receive depends on the proportion of shares they hold compared to the total shares and assets in the vault.

The benefit of the share/vault token is that it eliminates the need to update user balances every time assets enter the vault.

Let's look at an example to understand better how a vault works:

• Alice deposits 80 ETH into the vault and receives 80 ETH worth of vault tokens since there are no shares yet.
• Bob deposits 20 ETH and receives 20 ETH worth of vault tokens. The conversion formula is based on the total supply of shares and the total underlying assets.
• The vault generates 10 ETH worth of yield, which is added to the total assets.
• Bob decides to withdraw and burns his shares. He receives 22 ETH in return, calculated based on the total supply of underlying assets and shares.

Bob made a profit of 2 ETH, while Alice would have made 8 ETH if she had withdrawn. On a larger scale, this process becomes more complex.

‍

Vulnerability

One common attack on vaults is the inflation attack, which is particularly dangerous in the early stages of a vault. This attack involves an attacker front-running the first deposit in a contract. By manipulating the exchange rate, the attacker can steal funds from other depositors.

Let's take a practical example to better understand the vulnerability. We'll use the same scenario as mentioned earlier.

Here's what happens step by step:

• Alice deposits 10 ETH into the pool. However, during the transaction's processing time, an attack occurs.
• Bob takes advantage of Alice's deposit by quickly depositing 1 ETH into the vault, receiving 1 ETH worth of vault tokens. Now, Bob owns 100% of the total shares.
• The next crucial step for Bob is to transfer 60 ETH (or any large amount) into the vault without it being considered in the share calculations. The easiest way to do this is by creating a malicious contract, sending ETH to it, and then self-destructing the contract with the vault's address as the recipient.
• Finally, Alice's transaction is approved, and her 10 ETH is deposited into the pool. However, due to a rounding down issue in the formula, (10 \* 1 / 61) = 0. As a result, Alice receives no shares.
• Bob decides to burn his shares since he owns 100% of them. He receives the entire 71 ETH in return, effectively stealing Alice's 10 ETH.

To mitigate this vulnerability, several solutions can be implemented. One approach is to mint a certain amount of shares to a burnable address during the first deposit, making the attack much riskier and costlier. Other solutions include adding a decimal offset to the share token, setting minimum deposit amounts, or, for simpler contracts using ETH, tracking the ETH inside the contract separately.

‍

In conclusion, ERC-4626 enables decentralized protocols to integrate with yield-bearing vaults more efficiently. It operates based on two tokens that are proportionate to each other. While there is a vulnerability to be aware of, with proper knowledge, vaults can be built in a safe and secure manner.

‍