ERC4626: document _decimalsOffset and add inflation attack example #6454

Open
Ra9huvansh wants to merge 3 commits into OpenZeppelin:master from Ra9huvansh:docs/erc4626-inflation-attack-warning
@Ra9huvansh

Fixes #6412

This PR enhances the inflation attack documentation in ERC4626 as suggested in the issue:

  • Adds a _decimalsOffset override code example inside the existing [CAUTION] block, so developers have a concrete actionable snippet alongside the warning
  • Adds @dev NatSpec to _decimalsOffset, which previously had no documentation despite being the primary mitigation mechanism for the inflation attack

No logic changes. Documentation only.

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)
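
As an added illustration (not part of this PR and not OpenZeppelin's code), the Python model below reproduces the virtual-share conversion that `_decimalsOffset` feeds into and measures how much a depositor loses to rounding when the vault's balance has been inflated by a direct transfer. The conversion formulas, the `Vault` and `depositor_loss` names, and the amounts are assumptions of the example.

```python
# Added illustration, not OpenZeppelin code. Integer model of ERC4626 share math.
# Assumption: conversions use virtual shares/assets and round down:
#   shares = assets * (totalSupply + 10**offset) // (totalAssets + 1)
#   assets = shares * (totalAssets + 1) // (totalSupply + 10**offset)
from dataclasses import dataclass


@dataclass
class Vault:
    offset: int = 0        # value returned by _decimalsOffset()
    total_assets: int = 0  # underlying tokens held by the vault
    total_supply: int = 0  # shares in circulation

    def convert_to_shares(self, assets: int) -> int:
        return assets * (self.total_supply + 10**self.offset) // (self.total_assets + 1)

    def convert_to_assets(self, shares: int) -> int:
        return shares * (self.total_assets + 1) // (self.total_supply + 10**self.offset)

    def deposit(self, assets: int) -> int:
        shares = self.convert_to_shares(assets)
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def donate(self, assets: int) -> None:
        # Direct token transfer to the vault: balance grows, no shares are minted.
        self.total_assets += assets


def depositor_loss(offset: int, seed: int, donation: int, amount: int) -> int:
    """Assets a later depositor of `amount` cannot redeem when the vault held
    `seed` deposited assets plus `donation` transferred in without minting."""
    vault = Vault(offset=offset)
    vault.deposit(seed)
    vault.donate(donation)
    shares = vault.deposit(amount)
    return amount - vault.convert_to_assets(shares)


if __name__ == "__main__":
    # Constructed scenario for an 18-decimal asset: 1 wei seed, 1 token donated,
    # then a 0.5 token deposit by an ordinary user.
    for off in (0, 3, 6):
        lost = depositor_loss(off, seed=1, donation=10**18, amount=5 * 10**17)
        print(f"offset={off}: depositor loses {lost} wei of {5 * 10**17}")
```

With offset 0 the deposit rounds to zero shares and the full amount is lost; with offset 6 the loss falls below one millionth of the deposit.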

@Ra9huvansh Ra9huvansh requested a review from a team as a code owner April 1, 2026 11:21
@changeset-bot

changeset-bot Bot commented Apr 1, 2026

🦋 Changeset detected

Latest commit: 8b9fa65

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai
Contributor

coderabbitai Bot commented Apr 1, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 72a0a5c7-c0a0-4cde-ab69-69c7769cb8fd

📥 Commits

Reviewing files that changed from the base of the PR and between 9cfdccd and 8e33e87.

📒 Files selected for processing (1)
  • contracts/token/ERC20/extensions/ERC4626.sol

Walkthrough

The ERC4626 contract documentation has been enhanced with additional commentary and a code example. The _decimalsOffset() function's inline documentation has been expanded to clarify its purpose in mitigating inflation attacks and to explicitly note its default return value of 0. A usage example demonstrating how to override _decimalsOffset() to return 18 has been added to the documentation. The function's signature and default implementation remain unchanged. These are documentation-only changes with no modifications to the contract's logic or public interface.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'ERC4626: document _decimalsOffset and add inflation attack example' directly and accurately summarizes the main change: adding documentation and a code example for _decimalsOffset to address the inflation attack risk. |
| Description check | ✅ Passed | The description is directly related to the changeset, explaining the documentation enhancements (code example and @dev NatSpec) being made to address the inflation attack risk in ERC4626. |
| Linked Issues check | ✅ Passed | The PR successfully meets the linked issue #6412 requirements: it adds a concrete code example for _decimalsOffset() override in the [CAUTION] block and adds @dev NatSpec documentation to _decimalsOffset as the primary mitigation mechanism. |
| Out of Scope Changes check | ✅ Passed | All changes are in scope as documentation-only updates to ERC4626 addressing the inflation attack risk. No unrelated or out-of-scope changes are introduced. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Development

Successfully merging this pull request may close these issues.

[Security Audit] ERC4626 Inflation Attack Risk Documentation Enhancement
