Security: Price Manipulation in function sharesToUnderlyingView

[smartsmartsec]

Impact

• Denial of Service: By exploiting the manipulation, an attacker could disrupt the service availability.
• Escalation of Privileges: Manipulating share values might indirectly allow unauthorized access to broader system functionalities.
• Other：This vulnerability may allow an attacker to manipulate price calculations, potentially leading to unauthorized profit through arbitrage, or misleading financial reporting within the platform.

Affected component(s)

function sharesToUnderlyingView in StrategyBase.sol

Attack vector(s)

An attacker could exploit this vulnerability by interacting with the contract in a way that manipulates the virtualTotalShares or virtualTokenBalance variables, leading to incorrect ratio calculations.

Suggested description of the vulnerability for use in the CVE

The sharesToUnderlyingView function in Eigenlayer computes the conversion of shares to the underlying token using a formula (virtualTokenBalance * amountShares) / virtualTotalShares which is susceptible to arithmetic manipulation due to insufficient validation of the virtualTotalShares and virtualTokenBalance values. This could lead to an incorrect ratio calculation, potentially resulting in price manipulation and financial discrepancies.

Discoverer(s)/Credits

xFuzz

Proposed Solution

To mitigate this issue, it is recommended to implement proper input validation for virtualTotalShares and virtualTokenBalance to ensure that these values remain within logical and safe bounds. Additionally, using secure arithmetic operations to prevent overflow and underflow conditions can further secure the calculation process.

Reference(s)

• https://etherscan.io/address/0xdfdA04f980bE6A64E3607c95Ca26012Ab9aA46d3
• https://code4rena.com/reports/2021-08-notional#h-10-liquidity-token-value-can-be-manipulated
• https://code4rena.com/reports/2021-07-spartan#h-06-synthvault-rewards-can-be-gamed