Vault Rounding
Detects rounding direction errors in ERC-4626 vault share calculations that allow attackers to extract value through precision manipulation.
Vault Rounding
Overview
The vault rounding detector identifies share-to-asset and asset-to-share conversion functions that round in the wrong direction, favoring the user over the vault. ERC-4626 specifies that deposit and mint should round down shares (against the user), while withdraw and redeem should round up assets (against the user). Rounding in the opposite direction allows attackers to extract dust-level profits per transaction, which compound into significant losses at scale.
Why This Is an Issue
Incorrect rounding in vault calculations creates an arbitrage opportunity. If convertToShares rounds up instead of down during deposits, a user receives slightly more shares than they deserve. If convertToAssets rounds up during withdrawals, a user receives slightly more assets. Attackers can automate thousands of deposit/withdraw cycles per block, extracting value from the vault with each iteration.
How to Resolve
// Fixed: Follow ERC-4626 rounding conventions
function convertToShares(uint256 assets) public view returns (uint256) {
uint256 supply = totalSupply();
return supply == 0 ? assets : assets.mulDiv(supply, totalAssets(), Math.Rounding.Floor);
// Floor = round DOWN = fewer shares = favor vault on deposit
}
function convertToAssets(uint256 shares) public view returns (uint256) {
uint256 supply = totalSupply();
return supply == 0 ? shares : shares.mulDiv(totalAssets(), supply, Math.Rounding.Floor);
// Floor = round DOWN = fewer assets = favor vault on withdrawal
}Detection Methodology
- Division detection in share math: Identifies division operations in functions matching deposit/withdraw/mint/redeem patterns.
- Rounding direction inference: Analyzes whether the division result is rounded up (via
(a + b - 1) / bormulDivUppatterns) or down (plain division). - Context matching: Determines whether the function is a deposit-side or withdraw-side operation based on the flow of tokens and shares.
- Mismatch flagging: Flags when deposit-side rounds up (favoring user) or withdraw-side rounds up (favoring user).
Limitations
False positives: Custom vault implementations that intentionally round in favor of users as a feature may be flagged. False negatives: Rounding implemented via assembly or through non-standard math libraries may not be detected.
Related Detectors
- Vault Inflation — detects first-depositor inflation attacks
- Precision Errors — detects general precision loss