From 877400f64567feffeb0fb3a5351f45b47c83d02a Mon Sep 17 00:00:00 2001 From: cairo Date: Wed, 9 Oct 2024 17:07:01 -0700 Subject: [PATCH] Specify inflation note scenarios --- contracts/token/ERC20/extensions/ERC4626.sol | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contracts/token/ERC20/extensions/ERC4626.sol b/contracts/token/ERC20/extensions/ERC4626.sol index 73778b530ca..b0e8528956f 100644 --- a/contracts/token/ERC20/extensions/ERC4626.sol +++ b/contracts/token/ERC20/extensions/ERC4626.sol @@ -31,10 +31,10 @@ import {Math} from "../../../utils/math/Math.sol"; * The `_decimalsOffset()` corresponds to an offset in the decimal representation between the underlying asset's decimals * and the vault decimals. This offset also determines the rate of virtual shares to virtual assets in the vault, which * itself determines the initial exchange rate. While not fully preventing the attack, analysis shows that the default - * offset (0) makes it non-profitable even if an attacker is able to capture value from multiple user deposits, as a result - * of the value being captured by the virtual shares (out of the attacker's donation) matching the attacker's expected gains. - * With a larger offset, the attack becomes orders of magnitude more expensive than it is profitable. More details about the - * underlying math can be found xref:erc4626.adoc#inflation-attack[here]. + * offset (0) makes it non-profitable in most (but not all) practical scenarios, including when capturing value from + * multiple user deposits, as a result of the value being captured by the virtual shares (out of the attacker's donation) + * matching the attacker's expected gains. With a larger offset, the attack becomes orders of magnitude more expensive + * than it is profitable. More details about the underlying math can be found xref:erc4626.adoc#inflation-attack[here]. * * The drawback of this approach is that the virtual shares do capture (a very small) part of the value being accrued * to the vault. Also, if the vault experiences losses, the users try to exit the vault, the virtual shares and assets