DittoETH

Summary

Vulnerability Details

File Path: 2023-09-ditto/contracts/facets/OrdersFacet.sol
Line: 124

Function: cancelOrderFarFromOracle

This function enables the mass cancellation of orders that diverge substantially from the oracle's price. It presents a potential vulnerability to front-running attacks, where malicious actors could monitor price fluctuations from the oracle and preemptively trigger this function to cancel orders.

To mitigate this risk, we advise implementing further security measures or restrictions to control the conditions and accessibility of this function. The introduction of access control and rate limiting could significantly reduce the front-running risk associated with this function.

Impact

Tools Used

Manual

Recommendations

To mitigate front-running risk, we propose the adoption of a commit-reveal scheme. This strategy necessitates users to initially present a hashed version of their order (the "commit"), followed by a subsequent disclosure of the order specifics. This technique effectively deters front-runners as they are unable to access the order specifics until the reveal phase.