Submission Details
Severity: low
Invalid

Function Vault.initVault is vulnerable to front-running

Summary

Function Vault.initVault is vulnerable to front-running

Vulnerability Details

Front-running is an attack vector whereby users watch the blockchain for transactions, then submit transactions with higher gas prices to give their own transactions ordering priority. Here, an attacker could set ILoveToken loveToken and address managerContract before the owner of the contract does.

Impact

In the scenario described, the concern is that a frontrunner could manipulate the system by deploying their own version of a manager contract. This manager contract could be designed to interact with the main contract in a way that allows the frontrunner to mint (create) LoveTokens for themselves, potentially in an unauthorized or unintended manner. Front-running can also be applied to perform a Denial of Service (DoS).

Proof of Concept:
See file src/Vault.sol

    // Public and without any caller check: the first caller performs the initialization.
    function initVault(ILoveToken loveToken, address managerContract) public {
        if (vaultInitialize) revert Vault__AlreadyInitialized();
        loveToken.initVault(managerContract);
        vaultInitialize = true;
    }

Tools Used

Manual analysis

Recommendations

There are a number of techniques that can be used to prevent front-running. One simple example is to limit the gas price of transactions.
Implement a timelock on critical transactions, which introduces a delay between the initiation and execution of a transaction.
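
An added example, not part of the submission or the project's code: a common way to remove an initializer race is to bind initVault to the deploying account, so that transaction ordering no longer decides who initializes. The contract name HardenedVault, the deployer variable and the errors Vault__NotDeployer and Vault__ZeroAddress are hypothetical; the ILoveToken interface is inferred from the call in the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interface, inferred from the call shown in the proof of concept.
interface ILoveToken {
    function initVault(address managerContract) external;
}

// Hypothetical hardened variant for illustration; not the project's Vault.
contract HardenedVault {
    error Vault__AlreadyInitialized();
    error Vault__NotDeployer();  // hypothetical error name
    error Vault__ZeroAddress();  // hypothetical error name

    // Assumption: the deploying account is the intended initializer.
    address private immutable deployer;
    bool public vaultInitialize;

    constructor() {
        deployer = msg.sender;
    }

    function initVault(ILoveToken loveToken, address managerContract) public {
        // Caller check first: a third party's call reverts wherever it
        // lands in the block, so a higher gas price gains nothing.
        if (msg.sender != deployer) revert Vault__NotDeployer();
        if (vaultInitialize) revert Vault__AlreadyInitialized();
        if (address(loveToken) == address(0) || managerContract == address(0)) {
            revert Vault__ZeroAddress();
        }
        // Set the flag before the external call (checks-effects-interactions),
        // so a re-entrant call from the token cannot initialize twice.
        vaultInitialize = true;
        loveToken.initVault(managerContract);
    }
}
```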

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
