Known Issues - scallop-io/sui-lending-protocol GitHub Wiki
1. Rounding errors when the total supply is zero
Issue description:
Exploits rounding errors when the total supply is zero by repeatedly minting and redeeming sCoins in a loop. By strategically depositing 2^n - 1 assets and leveraging rounding down during share calculations, the attacker inflates the share price exponentially with each iteration. This results in an artificially high price for 1 of sCoin, while the supply remains at 1 and total deposits grow exponentially.
Possible solution:
When creating a new pool, ensure that one team member mints the sCoin first and then sends it to a dead address.