Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Invalid

Keeper/OpenZeppelin Relayer transactions are highly susceptible to frontrunning

Summary

Keepers, such as those integrated with OpenZeppelin Defender, play a vital role in automating maintenance tasks as pointed out in the protocol. However, this automation can be vulnerable to frontrunning.

Vulnerability Details

The deterministic behavior of keeper transactions can be predicted and exploited by frontrunners. The transactions to be made by keepers are well known and very predictable, and a malicious actor with enough time to study the keepers' maintenance sequence can figure out when and where those transactions can be exploited and profited from.

Impact

The impact is that if a malicious actor can study how to manipulate the actions of these relayers/keepers, they could potentially either cause a DoS in the vaults or make a profit from their actions.

Tools Used

Recommendations

The keepers' actions being monitored is not a devastating issue, but it has a probability of escalating to a higher level under different circumstances, so the protocol should keep this in mind for its future operations.

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
