Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: high

deployProxyAndDistributeBySignature() can be frontruned

ivanfitro

Summary

deployProxyAndDistributeBySignature() is susceptible to frontrunning, where an attacker can exploit the transaction by replication the transaction with a higher gas fee.

Vulnerability Details

ProxtFactory.sol is responsible for both creating proxies and invoking them to deliver rewards to the winners. deployProxyAndDistributeBySignature() permits a user to deploy a proxy and sends rewards to the winners on the organizer's behalf, granted they possess the necessary signature. However, if an attacker monitors the mempool and identifies the transaction, they can replicate it with a higher gas fee and alterating the data field for positioning themselves as the sole recipient of rewards causing that their transaction be verfied first stealing the funds.

function deployProxyAndDistributeBySignature(
address organizer,
bytes32 contestId,
address implementation,
bytes calldata signature,
bytes calldata data
) public returns (address) {
bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(contestId, data)));
if (ECDSA.recover(digest, signature) != organizer) revert ProxyFactory__InvalidSignature();
bytes32 salt = _calculateSalt(organizer, contestId, implementation);
if (saltToCloseTime[salt] == 0) revert ProxyFactory__ContestIsNotRegistered();
if (saltToCloseTime[salt] > block.timestamp) revert ProxyFactory__ContestIsNotClosed();
address proxy = _deployProxy(organizer, contestId, implementation);
_distribute(proxy, data);
return proxy;
}

Impact

The rewards of the winners could be stolen.

Tools Used

Manual review.

Recommendations

A solution to this issue could involve the implementation of a mapping that grants explicit approval to certain users for utilizing the organizer's signature.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.