GitBross Home Explore Help
Register Sign In
sol_Bo8des9o
/
openzeppelin-contracts
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Improve ERC4626 virtual offset notes (#4722)

Ernesto García 1 year ago
parent
74016c376a
commit
248be2fab0
1 changed files with 8 additions and 8 deletions
Split View Show Diff Stats
  1. 8 8
      contracts/token/ERC20/extensions/ERC4626.sol

+ 8 - 8
contracts/token/ERC20/extensions/ERC4626.sol
View File 

@@ -27,14 +27,14 @@ import {Math} from "../../../utils/math/Math.sol";
 
  * verifying the amount received is as expected, using a wrapper that performs these checks such as
 
  * https://github.com/fei-protocol/ERC4626#erc4626router-and-base[ERC4626Router].
 
  *
 
- * Since v4.9, this implementation uses virtual assets and shares to mitigate that risk. The `_decimalsOffset()`
 
- * corresponds to an offset in the decimal representation between the underlying asset's decimals and the vault
 
- * decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which itself
 
- * determines the initial exchange rate. While not fully preventing the attack, analysis shows that the default offset
 
- * (0) makes it non-profitable, as a result of the value being captured by the virtual shares (out of the attacker's
 
- * donation) matching the attacker's expected gains. With a larger offset, the attack becomes orders of magnitude more
 
- * expensive than it is profitable. More details about the underlying math can be found
 
- * xref:erc4626.adoc#inflation-attack[here].
 
+ * Since v4.9, this implementation introduces configurable virtual assets and shares to help developers mitigate that risk.
 
+ * The `_decimalsOffset()` corresponds to an offset in the decimal representation between the underlying asset's decimals
 
+ * and the vault decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which
 
+ * itself determines the initial exchange rate. While not fully preventing the attack, analysis shows that the default
 
+ * offset (0) makes it non-profitable even if an attacker is able to capture value from multiple user deposits, as a result
 
+ * of the value being captured by the virtual shares (out of the attacker's donation) matching the attacker's expected gains.
 
+ * With a larger offset, the attack becomes orders of magnitude more expensive than it is profitable. More details about the
 
+ * underlying math can be found xref:erc4626.adoc#inflation-attack[here].
 
  *
 
  * The drawback of this approach is that the virtual shares do capture (a very small) part of the value being accrued
 
  * to the vault. Also, if the vault experiences losses, the users try to exit the vault, the virtual shares and assets