
Securing ERC-4626 Vaults in Production: A Developer's Checklist After the sDOLA Donation Attack
On March 2, 2026, an attacker drained approximately $239,000 from the sDOLA Llamalend Market on Ethereum. The weapon? A donate() function that let anyone inflate the vault's share price, triggering cascading liquidations. The vulnerability class, ERC-4626 donation/inflation attacks, has been known since 2022, yet protocols keep shipping vulnerable vaults.

This isn't another "here's what happened" postmortem. This is the security checklist your ERC-4626 vault needs before it touches mainnet.

The Anatomy of a Donation Attack (30-Second Version)

ERC-4626 vaults calculate shares using:

shares = (depositAmount × totalSupply) / totalAssets

Solidity uses integer division (rounds down). If an attacker can inflate totalAssets without minting new shares, the math breaks:

Vault is empty.
Attacker deposits 1 wei → gets 1 share
Attacker donates 10,000 USDC directly to the vault contract
Next depositor puts in 9,999 USDC → (9999 × 1) / 10000 = 0 shares
Attacker redeems their 1 share → walks away w
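A worked model of the share math above, added for this checklist; it is not code from the article, from the sDOLA/Llamalend vault, or from any library. It runs the exact sequence described (1-unit deposit, 10,000 USDC donation, 9,999 USDC victim deposit) through two accounting rules: the naive formula quoted above, and the virtual-offset rule OpenZeppelin's ERC4626 uses (`totalSupply + 10**offset` shares and `totalAssets + 1` assets in the ratio). The class and function names (`Vault`, `run_attack`), the `offset=6` choice and the in-memory balance bookkeeping are assumptions made for the example; amounts are in the smallest USDC unit (6 decimals).

```python
"""Integer-math model of ERC-4626 share accounting.

Added example for this checklist, not code from the sDOLA/Llamalend vault
or from any library. Amounts are in the smallest USDC unit (6 decimals).
"""

USDC = 10**6


class Vault:
    """Minimal ERC-4626 share accounting.

    offset=None models the naive formula from the text (first depositor mints
    1:1, then assets * totalSupply / totalAssets, rounded down).
    An integer offset models OpenZeppelin's mitigation: 10**offset virtual
    shares and one virtual asset are folded into every conversion.
    (Names and bookkeeping are assumptions made for this example.)
    """

    def __init__(self, offset=None):
        self.offset = offset
        self.total_supply = 0   # shares actually minted
        self.balance = 0        # asset.balanceOf(vault): includes donations
        self.shares = {}

    def total_assets(self):
        return self.balance

    def to_shares(self, assets):
        # Python // on non-negative ints rounds down, like Solidity mulDiv.
        if self.offset is None:
            if self.total_supply == 0:
                return assets
            return assets * self.total_supply // self.total_assets()
        return assets * (self.total_supply + 10**self.offset) // (self.total_assets() + 1)

    def to_assets(self, shares):
        if self.offset is None:
            if self.total_supply == 0:
                return shares
            return shares * self.total_assets() // self.total_supply
        return shares * (self.total_assets() + 1) // (self.total_supply + 10**self.offset)

    def deposit(self, who, assets):
        minted = self.to_shares(assets)
        self.balance += assets
        self.total_supply += minted
        self.shares[who] = self.shares.get(who, 0) + minted
        return minted

    def donate(self, assets):
        # A plain ERC20 transfer to the vault address: totalAssets rises,
        # no shares are minted. This is the step the naive formula cannot survive.
        self.balance += assets

    def redeem(self, who):
        n = self.shares.pop(who, 0)
        out = self.to_assets(n)
        self.total_supply -= n
        self.balance -= out
        return out


def run_attack(vault):
    """The sequence from the text: 1-unit deposit, 10,000 USDC donation,
    9,999 USDC victim deposit, then the attacker exits and the victim exits."""
    attacker_in = 1 + 10_000 * USDC
    vault.deposit("attacker", 1)
    vault.donate(10_000 * USDC)
    victim_shares = vault.deposit("victim", 9_999 * USDC)
    attacker_out = vault.redeem("attacker")
    victim_out = vault.redeem("victim")
    return {
        "victim_shares": victim_shares,
        "attacker_net": attacker_out - attacker_in,   # profit if positive
        "victim_loss": 9_999 * USDC - victim_out,
    }


if __name__ == "__main__":
    # naive: victim gets 0 shares, attacker nets +9_999_000_000 (the whole deposit)
    print("naive:   ", run_attack(Vault()))
    # offset=6: victim gets shares, attacker loses about half the donation
    print("offset=6:", run_attack(Vault(offset=6)))
```

With the naive rule the victim mints 0 shares and the attacker's single share redeems the entire vault, exactly as the text's arithmetic predicts. With `offset=6` the same donation leaves the victim holding shares worth all but a few thousandths of a cent, and the attacker's own exit returns roughly half of what was donated; the rest is stranded in the vault behind the virtual shares, which is what makes the attack unprofitable rather than merely harder. The same model is useful for a second check the sDOLA incident points at: compute `vault.to_assets(10**6)` before and after `donate()` to see how far a given donation moves the share price that a lending market or oracle would read.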
Continue reading on Dev.to



