DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Front Running cancelOrderFarFromOracle

Summary

Vulnerability Details

File Path: 2023-09-ditto/contracts/facets/OrdersFacet.sol
Line: 124

Function: cancelOrderFarFromOracle

This function enables the mass cancellation of orders whose prices diverge substantially from the oracle price. It exposes a potential front-running vector: an actor who monitors the oracle's price movements could trigger this function preemptively, cancelling orders before other participants react.

To mitigate this risk, we advise adding further controls over when and by whom this function can be called. Introducing access control and rate limiting could significantly reduce the front-running risk associated with this function.

Impact

Tools Used

Manual

Recommendations

To mitigate the front-running risk, we propose adopting a commit-reveal scheme. Users first submit a hashed version of their order (the "commit") and only later disclose the order details (the "reveal"). Because the order details are not visible until the reveal phase, front-runners cannot act on them beforehand.
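The commit-reveal flow proposed above, sketched as an added Solidity example (not DittoETH's code nor the submission author's); the order fields, the reveal window constants, the user-chosen salt and the event are assumptions made for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative two-phase order submission. The order fields (price, amount,
/// isBid) and the delay constants are assumed for this example only.
contract CommitRevealOrders {
    struct Commit {
        bytes32 hash;      // keccak256 over sender, order fields and salt
        uint256 committed; // block number in which the commit landed
        bool revealed;
    }

    uint256 public constant MIN_DELAY = 1;   // reveal no earlier than the next block
    uint256 public constant MAX_DELAY = 256; // reveal window; older commits expire

    mapping(address => Commit) public commits;

    event OrderRevealed(address indexed user, uint80 price, uint88 amount, bool isBid);

    /// Phase 1: publish only the hash, so observers learn nothing about the order.
    function commitOrder(bytes32 hash) external {
        Commit storage c = commits[msg.sender];
        bool expired = block.number > c.committed + MAX_DELAY;
        require(c.hash == bytes32(0) || c.revealed || expired, "pending commit");
        commits[msg.sender] = Commit({hash: hash, committed: block.number, revealed: false});
    }

    /// Phase 2: disclose the parameters; the contract recomputes and checks the hash.
    function revealOrder(uint80 price, uint88 amount, bool isBid, bytes32 salt) external {
        Commit storage c = commits[msg.sender];
        require(c.hash != bytes32(0) && !c.revealed, "no open commit");
        require(block.number >= c.committed + MIN_DELAY, "too early");
        require(block.number <= c.committed + MAX_DELAY, "commit expired");
        // Binding msg.sender into the preimage prevents a third party from
        // replaying a copied commitment hash under their own address.
        bytes32 expected = keccak256(abi.encode(msg.sender, price, amount, isBid, salt));
        require(expected == c.hash, "hash mismatch");
        c.revealed = true;
        emit OrderRevealed(msg.sender, price, amount, isBid);
        // A real integration would forward the revealed order to the order-book facet here.
    }

    /// Lets a client compute the commitment off-chain exactly as the contract does.
    function commitmentOf(address user, uint80 price, uint88 amount, bool isBid, bytes32 salt)
        external pure returns (bytes32)
    {
        return keccak256(abi.encode(user, price, amount, isBid, salt));
    }
}
```

The salt must be unpredictable per order; without it, an observer could brute-force the small space of plausible price/amount values against the published hash.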

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
