ERC-4626 after a failed inflation attack, how does vault recover assets with no shares?

Hi, I'm doing some tests with ERC-4626 and inflation attacks using OZ 5.02 and the standard ERC-4626 contract. When an inflation attack fails (because the attacker ends up not making a profit) I'm seeing situations where the vault still has assets locked inside it, but has zero shares. I don't see then how to rescue these locked assets.

I appreciate that in practice, no attacker would actually perform a failed inflation attack because they'd lose money. It is their money that ends up locked in the vault and the vault has no shares.

If this situation did happen, and I wanted to rescue asset tokens when the vault has no shares, would I need to add an additional function? (Like adding a "sweep()" or equivalent function to a vault to transfer out any asset tokens locked like this? It could be set to be only allowed to run if shares was zero.)

This is more about validating my understanding, rather than a real risk, because it's the attackers money that got locked, and it could stay locked forever without anyone caring.

Hello @NethDote

Because of the virtual assets and shares that we add to the ERC-4626 implementation, there cannot ever be a situation where there are 0 shares. There is always at least the virtual shares that "belong" to the vault.

Any assets that correspond to these shares are the property of the vault. There is not standard process to remove/retreive them. You should consider them locked/burned (unless the dev added a specific function to withdraw them).