feat: add readme section explaining attack

marsfoundation · May 30, 2024 · 62ef5c2 · 62ef5c2
1 parent 259cf16
commit 62ef5c2
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -11,6 +11,10 @@ PSM contracts to either:
 - Convert between a tokenization of an asset (ex. USDC) and a yield-bearing version of the asset (ex. sDAI).
 - Convert one to one between directly correlated assets (ex. USDC-DAI).
 
+## [CRITICAL]: First Depositor Attack Prevention on Deployment
+
+On the deployment of the PSM, the deployer **MUST make an initial deposit in order to protect the first depositor from getting attacked with a share inflation attack**. This is outlined further [here](https://github.com/marsfoundation/spark-automations/assets/44272939/9472a6d2-0361-48b0-b534-96a0614330d3). 1000 shares minted is determined to be sufficient to prevent this attack. Technical details related to this can be found in `test/InflationAttack.t.sol`. The deployment script [TODO] in this repo contains logic for the deployer to perform this initial deposit, so it is **HIGHLY RECOMMENDED** to use this deployment script when deploying the PSM. Reasoning for the technical implementation approach taken is outlined in more detail [here](https://github.com/marsfoundation/spark-psm/pull/2).
+
 ## Usage
 
 ```bash