
Bug Deep Dive #20

User can lose all funds when creating or increasing compounded Maker position due to share inflation - $1196


Each segment in the Ammplify protocol functions as a vault for compounded Makers. This makes the classic first-deposit share inflation attack possible for any range that doesn't have liquidity yet:

  1. A user wants to deposit liquidity into some range;
  2. There is no Ammplify Maker liquidity in some segment of the range (or in the whole range);
  3. The attacker front-runs the deposit with a minimum deposit, then donates to the Uniswap liquidity range to increase the liquidity share price;
  4. The user's deposit proceeds, taking the necessary amounts of token0 / token1 from the user but minting the user 0 liquidity shares due to rounding (the liquidity owed to the user is less than 1 and thus rounded down). The Uniswap liquidity itself is still minted, but it now belongs to the "vault" (the attacker).

As a result, the attacker steals the user's entire deposit: the user gets 0 liquidity shares for their assets and loses all deposited funds.
Note that there is some protection in the form of an enforced minimum target liquidity. However, it is not effective and can be bypassed, because it targets liquidity itself, not liquidity shares. This means that after a minimum-liquidity deposit and a donation to the pool range, the liquidity share price increases by orders of magnitude.
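
A simplified integer model of the share math described above, added here as an example and not taken from the Ammplify codebase; `Segment`, `MIN_LIQUIDITY`, `min_shares` and all amounts are assumptions. It shows a minimum-liquidity check passing while the deposit mints 0 shares, and a check on the minted shares rejecting the same deposit.

```python
# Simplified model of one segment's share accounting (constructed for this
# example; names and numbers are assumptions, not Ammplify's code).
MIN_LIQUIDITY = 1_000  # assumed minimum target liquidity


class Segment:
    def __init__(self):
        self.liquidity = 0   # Uniswap liquidity held by the segment
        self.shares = 0      # total liquidity shares issued to Makers
        self.balance = {}    # shares per Maker

    def donate(self, liquidity):
        # Fees or donations raise liquidity without minting shares,
        # so the price of one share goes up.
        self.liquidity += liquidity

    def deposit(self, maker, liquidity, min_shares=0):
        # Check on liquidity itself: the kind of protection the write-up
        # describes as bypassable.
        if liquidity < MIN_LIQUIDITY:
            raise ValueError("below minimum target liquidity")
        if self.shares == 0:
            minted = liquidity
        else:
            minted = liquidity * self.shares // self.liquidity  # rounds down
        # Check on the shares actually minted: rejects the deposit
        # instead of taking the tokens and crediting nothing.
        if minted < min_shares:
            raise ValueError("minted shares below min_shares")
        self.liquidity += liquidity
        self.shares += minted
        self.balance[maker] = self.balance.get(maker, 0) + minted
        return minted


def demo(min_shares):
    """Replay the scenario with constructed amounts; return (status, user shares, liquidity)."""
    seg = Segment()
    seg.deposit("first", MIN_LIQUIDITY)   # first depositor receives 1_000 shares
    seg.donate(10**12)                    # share price inflated by a donation
    try:
        minted = seg.deposit("user", 10**8, min_shares)
    except ValueError:
        return "reverted", seg.balance.get("user", 0), seg.liquidity
    return "accepted", minted, seg.liquidity
```

With `min_shares=0` the user's deposit is accepted, adds its liquidity to the segment and credits 0 shares; with `min_shares=1` the same call reverts and the segment's liquidity is unchanged.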

Alpha: always check for the first-deposit attack everywhere, and note that even where certain mitigations exist, they can often be bypassed.

Conclusion

This finding would earn you $1196. It is the common inflation attack, with a minor check that must be bypassed, so make sure not only to find it but also to write up all the technicalities in detail.
