Known Issues - scallop-io/sui-lending-protocol GitHub Wiki

1. Rounding errors when the total supply is zero

Issue description:

An attacker exploits rounding errors when the total supply is zero by repeatedly minting and redeeming sCoins in a loop. By strategically depositing 2^n - 1 assets and relying on share calculations being rounded down, the attacker inflates the share price exponentially with each iteration. The result is an artificially high price for 1 sCoin, while the supply remains at 1 and total deposits grow exponentially.

Possible solution:

When creating a new pool, ensure that one team member mints the sCoin first and then sends it to a dead address.
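
The effect of the seeding step can be checked with a small arithmetic model, added here as an illustration and not taken from the Scallop code base. It compares the worst-case price movement from a mint-and-redeem round trip in a pool with one share outstanding against a pool seeded with dead shares. The floor-rounded `mint` and `redeem` formulas, the rejection of zero-share mints, and both pool states are assumptions constructed for the example.

```python
from fractions import Fraction

def mint(cash, supply, amount):
    """Deposit `amount`; minted shares are rounded down (assumed formula)."""
    shares = amount if supply == 0 else amount * supply // cash
    return cash + amount, supply + shares, shares

def redeem(cash, supply, shares):
    """Burn `shares`; the payout is rounded down (assumed formula)."""
    payout = shares * cash // supply
    return cash - payout, supply - shares, payout

def worst_round_trip(cash, supply, max_amount):
    """Scan deposits 1..max_amount that mint at least one share, redeem the
    minted shares at once, and return (relative price rise, amount, cash
    left in the pool) for the round trip that moves the price most."""
    before = Fraction(cash, supply)
    worst = (Fraction(0), 0, cash)
    for amount in range(1, max_amount + 1):
        c, s, shares = mint(cash, supply, amount)
        if shares == 0:          # assumption: zero-share mints are rejected
            continue
        c, s, _ = redeem(c, s, shares)
        worst = max(worst, ((Fraction(c, s) - before) / before, amount, c))
    return worst

def price_after(cash, supply, rounds):
    """Apply the worst round trip `rounds` times; return the share price."""
    for _ in range(rounds):
        _, _, cash = worst_round_trip(cash, supply, 2 * cash // supply + 1)
    return Fraction(cash, supply)

# Constructed states: one unit of interest has accrued in each pool.
UNSEEDED = (2, 1)          # a single share outstanding
SEEDED = (1001, 1000)      # 1000 shares minted first and sent to a dead address

if __name__ == "__main__":
    for name, (cash, supply) in (("unseeded", UNSEEDED), ("seeded", SEEDED)):
        bound = 2 * cash // supply + 1
        drift, amount, _ = worst_round_trip(cash, supply, bound)
        print(name, "worst round trip:", float(drift), "at deposit", amount)
        print(name, "price after 10 rounds:", float(price_after(cash, supply, 10)))
```

In the seeded pool every round trip leaves its rounding dust to all outstanding shares, including the dead ones, so the depositor pays for each step while the price moves by roughly one part in a thousand.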