I meant something like following in ERC4626 vault where _decimalsOffset()
returns 0. The attacker will be at loss initially but can turn it into profit eventually.
- Attacker deposits 1 asset
- Attacker shares =1
- total shares = 2(due to virtual shares)
- total asset = 2(due to virtual assets)
Victim wants to deposit 5000 but was frontrun:
Attacker donates = 10000
- Attacker shares =1
- total shares = 2(due to virtual shares)
- total asset = 10002
Attacker loss due to virtual share of 1
= 10002/2 = 5001
- Victim deposit = 5000
- shares alloted = 2 * 5000/10002 = 0
Now,
- Attacker shares =1
- total shares = 2(due to virtual shares)
- Victim shares = 0
- total asset = 15002
Finally,
Attacker total deposit as of now = 15002
Attacker loss = 10000-15002/2 = 10000-7501 = 2499
With each deposits attacker will overcome loss and eventually get in profit. In this case if he had frontrun 3 victims with 5000 amount each then he would end up in profit